Hi,
I have installed the splunk app for windows AD on my central instance of splunk. I am integrating windows Ad with splunk by pulling log files. Can I use the app for reporting without using a forwarder in windows AD machine.
Well, you should be able to answer that by the fact that you may have some dashboards showing some data.
Even so, the best part of this app is its ability to collect and collate multiple sources of AD data by running powershell scripts on the remote machines, ldapsearch commands and the like. This helps to enhance the data and give you what you need. Otherwise you may just be better off building your own dashboards to view your log data.
I've added the app tag as Adrian might spot this and be able to expand on this
That was my point... the best part of it relies on the remote data collection, without this the app can only work with the event log data you may be sending back to it 🙂
Hi Drainy,
Atlast I was able to identify the issue. The app need forwarder to be installed on Windows AD server with the respective TA's. Thanks for your information. Still not getting all data on my dashboard. Will work on it and come to forum incase of help
Thanks
Arunccie