Getting Data In

Active Directory Monitoring

Path Finder

I was wondering if someone could validate an answer for me. I have installed the Universal Forwarder on a domain controller and collecting data. However, there is also the Manager » Data inputs » Active Directory monitoring within Splunk. Do these collect the same data? Can I assume that using the Universal Forwarder is the preferred method to collect AD data?


Tags (1)
0 Karma

Splunk Employee
Splunk Employee

The Active Directory monitoring process (splunk-admon.exe) can run under your full Splunk instance or on a forwarder. If you haven't read the Monitor Active Directory documentation topic, that's a good place to start.

.conf21 CFS Extended through 5/20!

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!