Hello,
I'm trying to capture Active Directory information from an AD server. I installed a universal forwarder on this server, and using the deployment server I configured an input.conf as in the manual example:
[admon://DefaultTargetDc]
targetDc = pri01.eng.ad.splunk.com
startingNode = OU=Computers,DC=eng,DC=ad,DC=splunk,DC=com
My search head and my indexers are Linux CentOS 7.
My question: Is the universal forwarder enough to accomplish Active Directory data extraction, or should I install a Heavy Forwarder?
Documentation refers to a splunk-admon.exe process. Is this process included in the universal forwarder?