Hi everyone, Splunk newbie here. I'm currently trying to install the Splunk App for Active Directory version 1.2 and I wanted to make sure I understood the steps for configuring the Universal forwarder. Do I need to install the Splunk App for AD on the universal forwarder or just the Technology Add On that came with the app? Do I need to do any additional configuration at that point?
Thanks
Keep in mind most apps in Splunkbase are templates and require some customization. This becomes more important as you begin layering apps.
Thanks for your quick response. I was a little confused by the documentation.
Basically I would copy over the correct TAs to the \SplunkUniversalForwarder\etc\apps folder and if I'm happy with the defaults then I'm done.
Hello
You only need to install the full app on the Splunk server. You have to install the TA on top of the universal forwarder.
Regards
If you could tell me where you found the documentation confusing, that would be most helpful.
Remember also that you need to install the Splunk TA for Windows as well as the Splunk App for Active Directory helper TAs for the version of Windows Server that the domain controllers and DNS servers in your environment run.
That's it.
You'll need to restart the UF, and maybe enable some inputs that may come disabled by default.
Regards
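To check which inputs in the copied TAs are still disabled, as the reply above warns, here is an added example (not code from the thread or from Splunk). It merges each app's `default/inputs.conf` with its `local/inputs.conf`, letting local win per key. The stanza names in the sample are constructed, and treating only `1`/`true` as disabled and an absent `disabled` key as enabled are assumptions.

```python
import re
from pathlib import Path

TRUE_VALUES = {"1", "true"}  # assumption: values counted as "disabled" here

def parse_conf(text):
    """Parse Splunk .conf text into {stanza: {key: value}}; settings before the first stanza are skipped."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(.*)\]", line)
        if header:
            current = stanzas.setdefault(header.group(1), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return stanzas

def disabled_inputs(default_text, local_text=""):
    """Stanzas whose effective 'disabled' is true after local/ overrides default/."""
    merged = parse_conf(default_text)
    for stanza, settings in parse_conf(local_text).items():
        merged.setdefault(stanza, {}).update(settings)
    return sorted(name for name, kv in merged.items()
                  if kv.get("disabled", "0").lower() in TRUE_VALUES)

def _read(path):
    return path.read_text(encoding="utf-8", errors="replace") if path.is_file() else ""

def audit_apps(apps_dir):
    """Return {app: [disabled stanzas]} for each app under etc/apps that has an inputs.conf."""
    report = {}
    for app in sorted(p for p in Path(apps_dir).iterdir() if p.is_dir()):
        default = _read(app / "default" / "inputs.conf")
        local = _read(app / "local" / "inputs.conf")
        if default or local:
            report[app.name] = disabled_inputs(default, local)
    return report

# Constructed sample: a TA shipping two inputs disabled, one re-enabled in local/.
SAMPLE_DEFAULT = "[WinEventLog://Security]\ndisabled = 1\n\n[admon://NearestDC]\ndisabled = 1\n"
SAMPLE_LOCAL = "# local override\n[WinEventLog://Security]\ndisabled = 0\n"

if __name__ == "__main__":
    print(disabled_inputs(SAMPLE_DEFAULT, SAMPLE_LOCAL))
```

This looks only at each app's own default/ and local/ directories; settings layered in from other apps or from the system directories are not considered, and `splunk btool inputs list --debug` on the forwarder shows the fully merged result.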