I am configuring Splunk to monitor AD, but I am not able to ping the AD server from Splunk. How do I accomplish it? Actually, I want to configure the Splunk Supporting Add-on for Active Directory but am not able to do so because my Splunk is on AWS and AD is on-prem.
Why do you want to ping the DC?
You only need to have a Universal Forwarder on the DCs, along with all the Technical Add-ons (TAs) required by the app you want (the TAs you listed in the question).
Then the UFs send their logs to Splunk Cloud, usually passing through a Heavy Forwarder (to avoid opening too many routes on the firewall).
You can configure the TAs in two ways:
- you can manually manage UFs,
- you can manage TAs using a Deployment Server (better!).
I am using Splunk Enterprise and we want to monitor AD. For that I am using the Windows infra App. This app requires one add-on, i.e. the Splunk Supporting Add-on for AD, and while doing the configuration I need to provide a hostname and credentials (the hostname of the LDAP server, which is the DC in my case). How do I make a connection with this DC? Installing a Splunk Forwarder will make a connection from the DC to Splunk, not vice versa, but I am not completely sure. Because Splunk talks over the internet and outgoing ports are open in our DC but not incoming.
Not sure if authentication is done over SSL. If yes, then how?