Deployment Architecture

"Best Practice" for monitoring multiple AD Windows domains when the Splunk Indexers and Search Head are all LINUX based

jasonstone
Explorer

Hello,
What is the "Best Practice" for monitoring multiple AD Windows domains when the Splunk Indexers and Search Head are all LINUX based?
Thanks!

1 Solution

gkanapathy
Splunk Employee

The best solution, from a Splunk perspective, is to use the Splunk Universal Forwarder on the domain machines and send to the indexers. It doesn't matter that they are on different operating systems, and it's okay to install the Windows App (i.e., the dashboards and views) on the Linux search head to view Windows-collected information.
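
As an added illustration of the setup described in the answer above (not part of the original post, and not a configuration published by Splunk): a minimal Universal Forwarder configuration for a Windows domain machine that sends its Security event log to Linux indexers. The indexer host names, the receiving port 9997, the output group name and the index name are assumptions.

```ini
# ---- outputs.conf on each Windows Universal Forwarder ----
# The forwarder does not care which OS the indexers run on;
# it only needs a reachable host:port for each receiver.
[tcpout]
defaultGroup = linux_indexers

[tcpout:linux_indexers]
# Placeholder host names; listing several indexers lets the
# forwarder load-balance across them.
server = idx1.example.com:9997, idx2.example.com:9997
# Ask the indexers to acknowledge received data so events are
# re-sent if a connection drops mid-stream.
useACK = true

# ---- inputs.conf on the same forwarder ----
# Collect the Windows Security event log (logons, account changes).
[WinEventLog://Security]
disabled = 0
# Assumed index name; it has to exist on the indexers.
index = wineventlog
# Read existing events first, then keep following new ones.
start_from = oldest
current_only = 0
# Resolve SIDs/GUIDs in events to Active Directory object names.
evt_resolve_ad_obj = 1
```

The receiving port has to be enabled on the indexers, and the target index has to exist there before the forwarders start sending.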

