Hello,
What is the "Best Practice" for monitoring multiple AD Window domains when the Splunk Indexers and Search Head are
all LINUX based?
Thanks!
The best solution, from a Splunk perspective, is to use the Splunk Universal Forwarder on the domain machines and send to the indexers. It doesn't matter that they are on different operating systems, and it's okay to install the Windows App (i.e., the dashboards and views) on the Linux search head to view Windows-collected information.
The best solution, from a Splunk perspective, is to use the Splunk Universal Forwarder on the domain machines and send to the indexers. It doesn't matter that they are on different operating systems, and it's okay to install the Windows App (i.e., the dashboards and views) on the Linux search head to view Windows-collected information.