How do I connect Splunk to a server, for example a Domain Controller?

Amandeepsin
New Member

I am configuring Splunk to monitor AD but I am not able to ping the AD server from Splunk. How do I accomplish it? Actually I want to configure the Splunk Supporting Add-on for Active Directory but am not able to do so because my Splunk is on AWS and AD is on-prem.

How do I do it?

0 Karma

gcusello
SplunkTrust

Hi @Amandeepsin,
Why do you want to ping the DC?
You only need to have on the DCs a Universal Forwarder and all the Technical Add-ons (TAs) required by the app you want (the TAs you listed in the question).
Then the UFs send their logs to Splunk Cloud, usually passing through a Heavy Forwarder (to avoid opening too many routes on the firewall).

You can configure the TAs in two ways:

  • you can manually manage UFs,
  • you can manage TAs using a Deployment Server (better!).

In the first case, you have to manually add and configure TAs on each server to monitor.
In the second case, you have to follow the procedure to manage UFs using a Deployment Server ( https://docs.splunk.com/Documentation/Splunk/8.0.2/Updating/Aboutdeploymentserver ).

The Deployment Server must be a dedicated server if it has to manage more than 50 clients; otherwise it can stay on a server that also has other roles.

To complete the answer, I suggest redesigning your architecture, because with Splunk Cloud it's usually better to use two Heavy Forwarders as log concentrators to avoid Single Points of Failure.

Ciao.
Giuseppe

0 Karma

Amandeepsin
New Member

Hi,

I am using Splunk Enterprise and we want to monitor AD. For that I am using the Windows infra App. This app requires one add-on, i.e. the Splunk Supporting Add-on for AD, and while doing the configuration I need to provide a hostname and credentials (the hostname of the LDAP server, which is the DC in my case). How do I make a connection with this DC? Installing the Splunk Forwarder will make a connection from the DC to Splunk, not vice versa, but I am not completely sure. Because Splunk talks over the internet and outgoing ports are open on our DC but not incoming.

Not sure if authentication is done over SSL. If yes, then how?

0 Karma

richardphung
Communicator

You install the Splunk Universal Forwarder on the DC and it will perform a PUSH to the Splunk environment, assuming the appropriate ports are open on your AWS instance.

Universal Forwarder:
https://www.splunk.com/en_us/download/universal-forwarder.html

Required Ports:
https://answers.splunk.com/answers/58888/what-are-the-ports-that-i-need-to-open.html

0 Karma

richardphung
Communicator

Additionally, you will need the appropriate Technology Add-On to properly ingest the AD/Windows data:

https://docs.splunk.com/Documentation/MSApp/2.0.0/MSInfra/AbouttheSplunkAppforMSInfrastructure

0 Karma
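
The push direction described in the answers above, sketched as forwarder and receiver configuration with TLS. This is an added example, not part of the original posts or of Splunk's documentation. The hostname, group name, certificate paths and the use of port 9997 (the conventional receiving port) are assumptions to adapt.

```ini
# --- On the domain controller (Universal Forwarder) ---
# File: %SPLUNK_HOME%\etc\system\local\outputs.conf
# The forwarder opens the TCP session outbound, so the DC needs
# no inbound firewall rule for log delivery.
[tcpout]
defaultGroup = aws_receiver

[tcpout:aws_receiver]
# Constructed hostname; replace with the AWS instance or Heavy Forwarder.
server = splunk.example.com:9997
# TLS for the forwarder-to-receiver connection (constructed paths).
clientCert = C:\Program Files\SplunkUniversalForwarder\etc\auth\mycerts\dc-forwarder.pem
sslPassword = <private-key-password>
# Reject a receiver whose certificate does not chain to the trusted CA
# or whose common name does not match.
sslVerifyServerCert = true
sslCommonNameToCheck = splunk.example.com

# File: %SPLUNK_HOME%\etc\system\local\server.conf (same forwarder)
[sslConfig]
# CA bundle used to validate the receiver's certificate (constructed path).
sslRootCAPath = C:\Program Files\SplunkUniversalForwarder\etc\auth\mycerts\ca.pem

# --- On the Splunk Enterprise instance in AWS (receiver) ---
# File: $SPLUNK_HOME/etc/system/local/inputs.conf
# TLS-only listener; a plain [splunktcp://9997] stanza would accept
# unencrypted forwarder traffic.
[splunktcp-ssl:9997]
disabled = 0

[SSL]
serverCert = /opt/splunk/etc/auth/mycerts/receiver.pem
sslPassword = <private-key-password>
# Only forwarders presenting a certificate from the trusted CA may connect.
requireClientCert = true
```

On the AWS side, the inbound rule for the receiving port can be limited to the on-prem egress address rather than left open to the internet.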