Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Pulling data from non-domain machines

netmd
New Member
‎10-13-2010 09:40 PM

I have Splunk set up and working for all servers on my domain but I'm not understanding exactly how to to get non-domain machines included. I have a few dozen machines (all in different locations, none in any domain) that I need to get added. I've seen a bit on using forwarders to potentially pull it off but I'm not seeing how it's done. And yes, I'm extremely new to Splunk.

I'd guess I could set up local accounts on every single machine that all have the same credentials but that's not possible in the environment I'm working in.

Tags (1)
0 Karma
Reply

Lowell
Super Champion
‎10-13-2010 10:01 PM

Splunk doesn't require any domain membership of any kind. Simply setup forwarders on each machine you want splunk to collect events on, and simply forward them all to one central splunk instance.

There is no authentication or authorization required between forwarders and the indexers (receivers).

If you are collecting logs over remote shares, then that's the only time I can think of when domain credentials are needed. And really that's not a splunk thing at all, it's just that a windows service needs to to run as a non-system user in order for it to access remote shares; but that's not the ideal splunk setup. Using individual forwarders is recommended.

Related docs:

http://www.splunk.com/base/Documentation/latest/Admin/Enableforwardingandreceiving

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...