My company has its Splunk instance set up in such a way that Windows event logs are being enriched with AD information such as the user's manager and their OU group, etc. The system admin that set that up has since left the company and no one knows how it was done. Is there an add-on or something with the forwarders that could be doing this? Can this be configured to add other data to the logs?