You could win up to $50,000 building Splunk apps in the Splunk>Apptitude contest. Learn more »
Ever had a 10 minute delay logging into splunk via AD -> LDAPS authentication over port 636? It's probably because of "active directory forest referrals", which bog down LDAPS queries.
The trick is to tell splunk to use the "global catalog" port (tcp:3269), which causes this referral delay to not occur.
This should be documented, somewhere.
Using Active Directory 2 Answers