Hi Splunkers, I could have the following scenario to implement: a SplunkCloud platform that must receive data from some data sources, with at least an HF (but they could be 2 or more).
Among the data sources, there are Windows Active Directory servers and, of course, I have to send their data to Splunk. I don't know if this data will be routed to the HF or directly to Splunk Cloud, but this is not important now.
The focal point is: it is very likely that we will not be able to install a UF on those servers, due to policy constraints. So, we will have to send data from AD to Splunk in an agentless manner; what are the possible ways to achieve this? And which ones could be the best ones?
Solved by myself: Splunk is able to use WMI to achieve this result.