How do I connect Splunk to a server, for example a Domain Controller?

New Member

I am configuring Splunk to monitor AD, but I am not able to ping the AD server from Splunk. How do I accomplish it? Actually, I want to configure the Splunk Supporting Add-on for Active Directory, but I am not able to do so because my Splunk is on AWS and AD is on-prem.

How do I do it?

0 Karma

Esteemed Legend

Hi @Amandeepsin,
Why do you want to ping the DC?
You only need to have a Universal Forwarder on the DCs, plus all the Technical Add-ons (TAs) required by the app you want (the TAs you listed in the question).
Then the UFs send their logs to Splunk Cloud, usually passing through a Heavy Forwarder (to avoid opening too many routes on the firewall).

You can configure the TAs in two ways:

  • you can manually manage UFs,
  • you can manage TAs using a Deployment Server (better!).

In the first case, you have to manually add and configure TAs on each server to monitor.
In the second case, you have to follow the procedure to manage UFs using a Deployment Server ( ).

The Deployment Server must be a dedicated server if it has to manage more than 50 clients; otherwise it can stay on a server that also has other roles.

To complete the answer, I suggest re-designing your architecture, because with Splunk Cloud it's usually better to use two Heavy Forwarders as log concentrators to avoid Single Points of Failure.


0 Karma
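The layout described in the answer above, as an added configuration sketch that is not part of the original thread. Host names, the server class name and `TA_placeholder` are constructed placeholders; 9997 (receiving) and 8089 (management) are assumed to be the ports in use.

```ini
# --- On each DC (Universal Forwarder): deploymentclient.conf
# The UF polls the Deployment Server; the connection is opened from the DC outward.
[deployment-client]

[target-broker:deploymentServer]
# Assumed host; 8089 is Splunk's default management port.
targetUri = ds.example.internal:8089

# --- On each DC (Universal Forwarder): outputs.conf
# The UF opens the connection to the Heavy Forwarders and pushes events to them.
[tcpout]
defaultGroup = hf_pair

[tcpout:hf_pair]
# Two Heavy Forwarders: the UF load-balances across both, so one can fail.
server = hf1.example.internal:9997, hf2.example.internal:9997
# Acknowledgment: the UF resends data the receiver did not confirm.
useACK = true

# --- On each Heavy Forwarder: inputs.conf
# Listen for forwarder traffic on the assumed receiving port.
[splunktcp://9997]
disabled = 0

# --- On the Deployment Server: serverclass.conf
[serverClass:domain_controllers]
# Constructed host name pattern matching the DCs' forwarders.
whitelist.0 = dc*.example.internal

# Placeholder app folder; one stanza per TA to be pushed to the DCs.
[serverClass:domain_controllers:app:TA_placeholder]
restartSplunkd = true
```

With this layout the firewall only has to allow outbound connections from the DCs to the Deployment Server and the two Heavy Forwarders; nothing needs to connect inbound to a DC.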

New Member


I am using Splunk Enterprise and we want to monitor AD. For that I am using the Windows Infra App. This app requires one add-on, i.e. the Splunk Supporting Add-on for AD, and while doing the configuration I need to provide a hostname and credentials (the hostname of the LDAP server, which is the DC in my case). How do I make a connection with this DC? Installing the Splunk Forwarder will make the connection from the DC to Splunk, not vice versa, but I am not completely sure. Because Splunk talks over the internet, and outgoing ports are open on our DC but not incoming.

Not sure if authentication is done over SSL. If yes, then how?

0 Karma


You install the Splunk Universal Forwarder on the DC and it will perform a PUSH to the Splunk environment, assuming the appropriate ports are open on your AWS instance.

Universal Forwarder:

Required Ports:

0 Karma


Additionally, you will need the appropriate Technology Add-On to properly ingest the AD/Windows data:

0 Karma