Splunk Cloud Platform

Which Add On Pulls Active Directory Logs to Splunk Cloud?

mthirumalareddy
Explorer

Hi All,

I want to pull AD logs to Splunk Cloud. I see some source about Splunk Add-on for Microsoft Windows 6.0.0 and above which pulls the AD logs and another Add-on also does the same thing. I am confused. Can you point me in the right direction?

Thanks In Advance.

0 Karma

PickleRick
Ultra Champion

If you mean collecting logs from your on-prem AD infrastructure, use the https://splunkbase.splunk.com/app/742/ add-on (the current version is 8.4, not 6.0 😉) and either pull events directly from domain controllers or use WEF in your domain to set up a separate log collector machine and pull the events from there.

0 Karma

mthirumalareddy
Explorer

During configuration, it is asking for the AD details. I can provide that, but is there any way to pull only certain event logs to Splunk directly from the app instead of any forwarder?

I am using Splunk Cloud for this task.

TIA

0 Karma

PickleRick
Ultra Champion

I'm not sure what you mean by "While configuration, it is asking for the AD details". The TA for Windows does not use any UI-based configuration, so you must be talking about another app.

Furthermore, I don't understand the "pull only certain event logs to Splunk directly from the app instead of any forwarder". If you're using Splunk Cloud and want to use a modular input, you need an external Heavy Forwarder, if I remember correctly (I'm not a cloud user myself).

0 Karma
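
For the approach suggested in the first reply (the Splunk Add-on for Microsoft Windows on a forwarder, reading either from the domain controllers or from a WEF collector), limiting collection to certain event IDs can be done in `inputs.conf`. This is an added example, not part of the thread and not the add-on's shipped defaults; the index name `wineventlog` and the selection of event IDs are assumptions to adapt to your environment.

```ini
# Splunk_TA_windows/local/inputs.conf on the forwarder.
# Use the first two stanzas on a domain controller, or the last one on a
# WEF collector. Index name and event-ID selection are assumptions.

# --- Option A: forwarder installed on each domain controller ---
[WinEventLog://Security]
disabled = 0
index = wineventlog
renderXml = true
# Read the existing backlog, then keep following new events
start_from = oldest
current_only = 0
# Resolve SIDs/GUIDs to names using the local domain
evt_resolve_ad_obj = 1
# Forward only these event IDs; everything else is dropped at the source:
#   4624/4625       logon success / failure
#   4720/4726       user account created / deleted
#   4728/4732/4756  member added to a security-enabled group
#   4740            account locked out
#   4768/4769/4771  Kerberos TGT / service ticket / pre-auth failure
#   4776            NTLM credential validation
whitelist = 4624,4625,4720,4726,4728,4732,4740,4756,4768,4769,4771,4776

[WinEventLog://Directory Service]
disabled = 0
index = wineventlog
renderXml = true

# --- Option B: forwarder installed on a WEF collector ---
# Events arrive in the ForwardedEvents channel; the WEF subscription
# decides which channels and IDs the domain controllers send.
[WinEventLog://ForwardedEvents]
disabled = 0
index = wineventlog
renderXml = true
start_from = oldest
current_only = 0
whitelist = 4624,4625,4720,4726,4728,4732,4740,4756,4768,4769,4771,4776
```

The `whitelist` filter is applied on the forwarder, so the events it excludes never leave the host and cannot be recovered later from Splunk.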