Splunk Cloud Platform

Which Add On Pulls Active Directory Logs to Splunk Cloud?

mthirumalareddy
Explorer

Hi All,

I want to pull AD logs to Splunk Cloud. I see some source about Splunk Add-on for Microsoft Windows 6.0.0 and above which pulls the AD logs and another Add-on also does the same thing. I am confused. Can you point me in the right direction? 

 

Thanks In Advance.

 

Labels (2)
0 Karma

PickleRick
SplunkTrust
SplunkTrust

If you mean collecting logs from your on-prem AD infrastructure, use the https://splunkbase.splunk.com/app/742/ addon (the current version is 8.4, not 6.0 😉 and either pull events directly from domain controllers or use WEF in your domain to set up a separate log collector machine and pull the events from there.

0 Karma

mthirumalareddy
Explorer

While configuration, it is asking for the AD details, I can provide that but is there any way to pull only certain event logs to Splunk directly from the app instead of any forwarder? 

I am using Splunk Cloud for this task. 

 

TIA

0 Karma

PickleRick
SplunkTrust
SplunkTrust

I'm not sure what you mean by "While configuration, it is asking for the AD details". The TA for windows does not use any UI-based configuration so you must be talking about another app.

Furthermore I don't understand the "pull only certain event logs to Splunk directly from the app instead of any forwarder".  If you're using Splunk Cloud and want to use a modular input you need an external Heavy Forwarder if I remember correctly (I'm not a cloud user myself).

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...