Which Add On Pulls Active Directory Logs to Splunk...

mthirumalareddy · ‎04-14-2022

Hi All,

I want to pull AD logs to Splunk Cloud. I see some source about Splunk Add-on for Microsoft Windows 6.0.0 and above which pulls the AD logs and another Add-on also does the same thing. I am confused. Can you point me in the right direction?

Thanks In Advance.

PickleRick · ‎04-14-2022

If you mean collecting logs from your on-prem AD infrastructure, use the https://splunkbase.splunk.com/app/742/ addon (the current version is 8.4, not 6.0 😉 and either pull events directly from domain controllers or use WEF in your domain to set up a separate log collector machine and pull the events from there.

mthirumalareddy · ‎04-19-2022

While configuration, it is asking for the AD details, I can provide that but is there any way to pull only certain event logs to Splunk directly from the app instead of any forwarder?

I am using Splunk Cloud for this task.

TIA

PickleRick · ‎04-20-2022

I'm not sure what you mean by "While configuration, it is asking for the AD details". The TA for windows does not use any UI-based configuration so you must be talking about another app.

Furthermore I don't understand the "pull only certain event logs to Splunk directly from the app instead of any forwarder". If you're using Splunk Cloud and want to use a modular input you need an external Heavy Forwarder if I remember correctly (I'm not a cloud user myself).

Which Add On Pulls Active Directory Logs to Splunk Cloud?

configuration

using Splunk Cloud

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

Splunk Answers Content Calendar, July Edition I

Are you a member of the Splunk Community?