Solved: "Best Practice" for monitoring multiple AD Window ...

jasonstone · ‎06-07-2012

Hello,
What is the "Best Practice" for monitoring multiple AD Window domains when the Splunk Indexers and Search Head are
all LINUX based?
Thanks!

gkanapathy · ‎06-07-2012

The best solution, from a Splunk perspective, is to use the Splunk Universal Forwarder on the domain machines and send to the indexers. It doesn't matter that they are on different operating systems, and it's okay to install the Windows App (i.e., the dashboards and views) on the Linux search head to view Windows-collected information.

View solution in original post

gkanapathy · ‎06-07-2012

The best solution, from a Splunk perspective, is to use the Splunk Universal Forwarder on the domain machines and send to the indexers. It doesn't matter that they are on different operating systems, and it's okay to install the Windows App (i.e., the dashboards and views) on the Linux search head to view Windows-collected information.

"Best Practice" for monitoring multiple AD Window domains when the Splunk Indexers and Search Head are all LINUX based

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

Splunk APM: New Product Features + Community Office Hours Recap!

Index This | Forward, I’m heavy; backward, I’m not. What am I?