Hello, Were currently running a active directory environment and is was wondering how can we setup Splunk to receive event viewer notification from other servers.
when i was setting up my LDAP Authentication i realized that my Bind DN was wrong. Thanks
Are you just looking to have Splunk read in the event log from remote servers? If so, you can get it in via WMI, the new Universal Forwarder (in 4.2) or with something like snare. Take a look at these links to see if what best meets your needs.
If I've missed what you're looking for, let me know.