Getting Data In

Active Directory - Admon limits approx 1000 assets


Hi splunkers !

I ve just configured active directory monitoring based on Splunk 7.3 Active Directory inputs. The AD connexion is running well, but the first sync is limited.
I opened a case, as a solution, Splunk support said admon is limited to approximatively 1000 assets on the first sync.

My AD count 32000 users, 60000 computers and much more object !

Had you used this monitoring on large active directory architecture ?
What type of input do you use to get AD assets ?



0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...