Hello. Please see the screenshot on this post, it's from the Splunk Universal Forwarder (UF) installer steps. Are we supposed to check the box for “Add user as local administrator” when installing a UF on a Domain Controller or leave it unchecked?
Thank you @isoutamo, the "Splunk Enterprise" => Splunk UF is precisely why it's confusing 🙂
I'll go back and have another read through those docs.
Hi johannterc,
Please refer to the docs here to decide on the right Windows user
http://docs.splunk.com/Documentation/Splunk/6.5.2/Installation/ChoosetheuserSplunkshouldrunas
http://docs.splunk.com/Documentation/Forwarder/6.5.2/Forwarder/InstallaWindowsuniversalforwarderfrom...
Hope it helps
Hello Adonio. I already know what the Windows user should be, I just am not sure if this user needs to actually be granted local admin rights on my Domain Controller (since I am installing UFs on my DCs).
please take a look here:
http://docs.splunk.com/Documentation/Forwarder/6.5.2/Forwarder/InstallaWindowsuniversalforwarderfrom...
per doc, check the box in your screenshot
regards,
I'm still googling this question, as it's still not clear in the docs, but neither of these links works anymore!
Usually it works when you just replace the version number in the URL with the word latest, like https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/ListOfSearchCommands
Here are some more docs for monitoring AD
Requirements
You must meet the following requirements to monitor an Active Directory schema:
You should read "Splunk Enterprise" => Splunk UF
It doesn't matter even if the first docs are for Splunk Cloud, as you are using a separate UF for monitoring. If you want, you can read the same manual for Enterprise by just switching the product to Enterprise.
r. Ismo