Monitoring Splunk
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can Active Directory be monitored by Splunk Enterprise which is running on linux?

nandhini_amir
Engager
‎09-03-2019 09:45 PM

Help me out with this question...
Can AD be monitored by the Splunk enterprise which is running on linux..? I refered to the splunk documentation of
https://docs.splunk.com/Documentation/Splunk/7.3.1/Data/MonitorActiveDirectory which mentioned that the splunk enterprise should run on windows..

If AD can be monitored by splunk which is running on linux... how can i do that ? and kindly provide any documentation regarding that.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

KARANMALHOTRA
Path Finder
‎09-03-2019 10:15 PM

Yes, you can monitor AD even if your Splunk Enterprise is running on Linux or any other OS.

You don't need to have the whole Splunk Enterprise running on the AD server to monitor it. You need to use a Universal Forwarder on the AD server and to that you can deploy the Splunk Add-on for Microsoft Active Directory

This addon will collect the required information for your AD instance and send it to your Indexer. We are using this method extensively and our Splunk Enterprise servers are all on Linux.

The companion app is called Splunk App for Windows Infrastructure which will have your dashboards for the AD.

You may also check this addon based on your requirement Splunk Supporting Add-on for Active Directory

View solution in original post

Reply
Solved! Jump to solution
Solution

KARANMALHOTRA
Path Finder
‎09-03-2019 10:15 PM

Yes, you can monitor AD even if your Splunk Enterprise is running on Linux or any other OS.

You don't need to have the whole Splunk Enterprise running on the AD server to monitor it. You need to use a Universal Forwarder on the AD server and to that you can deploy the Splunk Add-on for Microsoft Active Directory

This addon will collect the required information for your AD instance and send it to your Indexer. We are using this method extensively and our Splunk Enterprise servers are all on Linux.

The companion app is called Splunk App for Windows Infrastructure which will have your dashboards for the AD.

You may also check this addon based on your requirement Splunk Supporting Add-on for Active Directory

Reply
Solved! Jump to solution

nandhini_amir
Engager
‎09-03-2019 10:56 PM

Thanks Karan, for sharing your answer.
I need little more clarification, kindly help me out with this.

What is the advantages and disadvantages of splunk enterprise running on linux vs windows to monitor AD server.
As in the documentation it is mentioned to use splunk enterprise on windows for monitoring AD server. If i was supposed to use splunk on linux.. what might be the problem arise..?

0 Karma
Reply
Solved! Jump to solution

KARANMALHOTRA
Path Finder
‎09-03-2019 11:10 PM

Hi Nandhini,
The choice of OS running Splunk Enterprise really does not matter in the montioring of the AD server. As the monitoring metrics, events, logs are all captured by the Universal Forwarder (which will be for the specific OS version where your AD is installed)

The approach I am suggesting is this. In this approach your Splunk Enterpise can be installed on any OS platform.
AD Server ( Splunk UF with AD addons) --------> Splunk Enterprise (Indexing, Alerting and Dashboarding)

The article you had linked is fundamentally different as it is considering installing Splunk Enterprise on your AD server itself, which to be fair will not be scalable as you may have many AD servers in the future.

I'm afraid that for exact differences in both approaches, you may have to read through the notes in the documentation. Hope this helps.

0 Karma
Reply
Solved! Jump to solution

nandhini_amir
Engager
‎09-05-2019 05:48 AM

Hi Karan,

I have a question, kindly give a clarification about it 🙂
You have mentioned that Extensively you are using splunk enterprise on linux for windows AD server.
Does all the dashboards are lighting up in the splunk app for windows Infrastructure?
And also Does the documentation which I mentioned is purely regarding the installation of the splunk enterprise on AD server itself.

0 Karma
Reply
Solved! Jump to solution

nandhini_amir
Engager
‎09-03-2019 11:24 PM

Thanks Karan, your answer really helped me.. 🙂

0 Karma
Reply
Get Updates on the Splunk Community!

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...