I have Splunk Supporting Add-on for Active Directory 2.1.4 already installed.
I noticed with Splunk Add-on for Microsoft Windows 6.0.0, it also includes Splunk Add-on for Windows Active Directory version 1.0.0 and DNS add-on.
are both add-ons required at the same or should I uninstall Splunk Supporting Add-on for Active Directory 2.1.4 ?
From what I can tell, the Splunk Add-on for Microsoft Windows 6.0.0 (which includes Windows Active Directory 1.0.0) do different things than the Splunk Supporting Add-on for AD (2.1.4)...
The Splunk Add-On for Microsoft Windows 6.0.0 is a TA, which offers indexing and extraction of Microsoft Windows Event Logs (and now AD Logs via WinEventMon:\Security- type stanzas)...
The Supporting Add-On is an SA--- which offers some functionality, particularly, SA-LDAPSearch..., which includes things like ldapfilter, ldapfetch, etc.
And also, the Supporting Add-On for AD can technically do any LDAP search, doesn't necessarily have to be AD.
You just need a server and bind credentials, certificate, etc.
ok so basically, I should keep the SA-LDAP add-on as it is and upgrade to latest windows add-on.
Thanks for clarification.