Which Add On Pulls Active Directory Logs to Splunk...

mthirumalareddy · ‎04-14-2022

Hi All,

I want to pull AD logs to Splunk Cloud. I see some source about Splunk Add-on for Microsoft Windows 6.0.0 and above which pulls the AD logs and another Add-on also does the same thing. I am confused. Can you point me in the right direction?

Thanks In Advance.

PickleRick · ‎04-14-2022

If you mean collecting logs from your on-prem AD infrastructure, use the https://splunkbase.splunk.com/app/742/ addon (the current version is 8.4, not 6.0 😉 and either pull events directly from domain controllers or use WEF in your domain to set up a separate log collector machine and pull the events from there.

mthirumalareddy · ‎04-19-2022

While configuration, it is asking for the AD details, I can provide that but is there any way to pull only certain event logs to Splunk directly from the app instead of any forwarder?

I am using Splunk Cloud for this task.

TIA

PickleRick · ‎04-20-2022

I'm not sure what you mean by "While configuration, it is asking for the AD details". The TA for windows does not use any UI-based configuration so you must be talking about another app.

Furthermore I don't understand the "pull only certain event logs to Splunk directly from the app instead of any forwarder". If you're using Splunk Cloud and want to use a modular input you need an external Heavy Forwarder if I remember correctly (I'm not a cloud user myself).

Which Add On Pulls Active Directory Logs to Splunk Cloud?

configuration

using Splunk Cloud

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services