Okay, I just want to make sure I understand everything correctly. I'm currently working on a Splunk environment; it currently has a running search head & indexer and a heavy forwarder. One of the sources of data that we want to collect is the Active Directory. I've done some research and it seems like the recommended option would be to download a universal forwarder and install it on the domain controller of the Active Directory. Is that correct? And if so, is this video, "Getting Data In — Forwarders", the correct one I should be following? If not, please share any videos or documents I should follow, thank you!