I'm in the process of configuring the Splunk App for Windows Infrastructure on our Splunk Cloud. One component I'm having issues with is SA-LDAPSearch. I don't provide external LDAP access, so I have installed the app on a heavy forwarder on my LAN. I have set up the ldap.conf file to provide LDAP connectivity information. I'm confused about what the next step should be. Instructions call for creating an index on both the indexer and the forwarder - but how do I associate this index with the app? How do I "forward" the app functionality to Splunk Cloud, so all the WINFRA reports that rely on LDAP searches return correct information?
You may want to take a look at this app: https://splunkbase.splunk.com/app/3177/ It lets you bypass the requirement for installing the Support Add-On for Active Directory.
Do you know what it takes to integrate these AD Object lookups into Splunk for Windows Infrastructure? Would we have to modify each report's sources?