Hello, I'm setting up a Splunk environment for the first time and wanted to use the Splunk App for Windows Infrastructure to monitor our Active Directory environment. I deployed Splunk Enterprise 6.2 on a Linux CentOS 6.5 server. I was looking at the http://docs.splunk.com/Documentation/Splunk/latest/Data/AuditActiveDirectory document and noticed:
"Monitor an Active Directory schema: Splunk must run on Windows.
To get the best results out of monitoring AD with Splunk Enterprise, be aware of the following:
This feature is only available with Splunk Enterprise on Windows. You won't be able to monitor AD changes from a *nix version of Splunk (though you can forward AD data gathered from a Windows version of Splunk to a *nix indexer)."
I currently have the Splunk Supporting Add-on for Active Directory connected to our Active Directory domain, and a Splunk forwarder sending data from a domain controller. However, when I run "detect" in the Windows Infrastructure App, I receive "Not found" for Active Directory.
Any info will be helpful and thanks in advance!
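As an added illustration (not part of the original post or Splunk's own documentation) of the architecture the quoted passage describes, the following is an inputs.conf fragment that would live on the Windows forwarder installed on the domain controller, so that AD change data is collected on Windows and only indexed on the Linux server. The stanza name `admon://`, its settings, the domain controller name `DC01` and the index name `msad` are assumptions for this example; check them against your own Splunk version's inputs.conf.spec and the index your Windows Infrastructure App is configured to search.

```ini
# Assumed location on the Windows forwarder (not the Linux indexer):
#   %SPLUNK_HOME%\etc\apps\<your_app>\local\inputs.conf
# The admon input only works in Splunk running on Windows; the Linux
# indexer just receives what this forwarder sends.

[admon://NearestDC]
# Placeholder DC name; leave targetDc empty to let Splunk pick the nearest one.
targetDc = DC01
# Empty startingNode = monitor from the root of the domain.
startingNode =
# 1 = also monitor child objects under startingNode.
monitorSubtree = 1
# 1 = send a one-time snapshot of existing AD objects on startup, so the
# app has something to find before the first change is made.
baseline = 1
# Index name is a placeholder; it must match what the app expects to search.
index = msad
disabled = 0
```

After deploying this, confirm on the Linux indexer that events with `sourcetype=ActiveDirectory` are arriving in that index before re-running the app's detection, since "Not found" is also what you would expect if no admon events have been indexed yet.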