Join the Conversation
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Re: TA for Windows AD
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
TA for Windows AD
Hi everyone, Splunk newbie here. I'm currently trying to install the Splunk App for Active Directory version 1.2 and I wanted to make sure I understood the steps for configuring the Universal forwarder. Do I need to install the Splunk App for AD on the universal forwarder or just the Technology Add On that came with the app? Do I need to do any additional configuration at that point?
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
keep in mind most apps in splunk base are templates and require some customization. This becomes more important as you begin layering apps.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for your quick response I was a little confused by the documentation.
Basically I would copy over the correct TAs to the \SplunkUniversalForwarder\etc\apps folder and If I'm happy with the defaults then I'm done.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello
You only need to install the full app in the Splunk server. You have to install the TA on top of the universal forwarder.
Regards
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you could tell me where you found the documentation confusing, that would be most helpful.
Remember also that you need to install the Splunk TA for Windows as well as the Splunk App for Active Directory helper TAs for the version of Windows Server that the domain controllers and DNS servers in your environment run.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That´s it
You´ll need to restart the UF, and maybe set to enable some inputs, that may come disabled by default
Regards
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for your quick response I was a little confused by the documentation.
Basically I would copy over the correct TAs to the \SplunkUniversalForwarder\etc\apps folder and If I'm happy with the defaults then I'm done.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Announcing Modern Navigation: A New Era of Splunk User Experience
Modernize your Splunk Apps – Introducing Python 3.13 in Splunk
Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...
