Re: TA for Windows AD

knewter · ‎06-06-2013

Hi everyone, Splunk newbie here. I'm currently trying to install the Splunk App for Active Directory version 1.2 and I wanted to make sure I understood the steps for configuring the Universal forwarder. Do I need to install the Splunk App for AD on the universal forwarder or just the Technology Add On that came with the app? Do I need to do any additional configuration at that point?

Thanks

bmacias84 · ‎06-06-2013

keep in mind most apps in splunk base are templates and require some customization. This becomes more important as you begin layering apps.

knewter · ‎06-06-2013

Thanks for your quick response I was a little confused by the documentation.

Basically I would copy over the correct TAs to the \SplunkUniversalForwarder\etc\apps folder and If I'm happy with the defaults then I'm done.

gfuente · ‎06-06-2013

Hello

You only need to install the full app in the Splunk server. You have to install the TA on top of the universal forwarder.

Regards

malmoore · ‎06-06-2013

If you could tell me where you found the documentation confusing, that would be most helpful.

Remember also that you need to install the Splunk TA for Windows as well as the Splunk App for Active Directory helper TAs for the version of Windows Server that the domain controllers and DNS servers in your environment run.

http://docs.splunk.com/Documentation/ActiveDirectory/latest/DeployAD/Deploymentprocess#x3._Install_a...

gfuente · ‎06-06-2013

That´s it

You´ll need to restart the UF, and maybe set to enable some inputs, that may come disabled by default

Regards

knewter · ‎06-06-2013

Thanks for your quick response I was a little confused by the documentation.

Basically I would copy over the correct TAs to the \SplunkUniversalForwarder\etc\apps folder and If I'm happy with the defaults then I'm done.

TA for Windows AD

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!