Getting Data In

When installing the Universal Forwarder on a Domain Controller, are we supposed to check the box for "Add user as local administrator"?

johannterc
New Member

Hello. Please see the screenshot on this post; it's from the Splunk Universal Forwarder (UF) installer steps. Are we supposed to check the box for “Add user as local administrator” when installing a UF on a Domain Controller, or leave it unchecked?


0 Karma

Baever
Engager

Thank you @isoutamo, the "Splunk Enterprise" => Splunk UF is precisely why it's confusing 🙂

I'll go back and have another read through those docs.

0 Karma

adonio
Ultra Champion
0 Karma

johannterc
New Member

Hello Adonio. I already know what the Windows user should be; I am just not sure if this user needs to actually be granted local admin rights on my Domain Controller (since I am installing UFs on my DCs).

0 Karma

adonio
Ultra Champion

Please take a look here:
http://docs.splunk.com/Documentation/Forwarder/6.5.2/Forwarder/InstallaWindowsuniversalforwarderfrom...
Per the doc, check the box in your screenshot.
Regards,

0 Karma

Baever
Engager

I'm still googling this question, as it's still not clear in the docs, but neither of these links work anymore!

0 Karma

isoutamo
SplunkTrust

Usually it works when you just replace the version number in the URL with the word "latest", like https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/ListOfSearchCommands

 

Here are some more docs for monitoring AD:

 

Requirements

You must meet the following requirements to monitor an Active Directory schema:

You should read "Splunk Enterprise" => Splunk UF

It doesn't matter even if the first docs are for Splunk Cloud, as you are using a separate UF for monitoring. If you want, you can read the same manual for Enterprise by just switching the product to Enterprise.

r. Ismo

 
