Deploy and Use the Splunk App for Active Directory

 


About the Splunk App for Windows Server Active Directory

Caution:

The Splunk App for Active Directory does not currently work with Splunk universal forwarder versions 5.0 and later. If you run the Splunk App for Active Directory, do not upgrade any of the universal forwarders in that deployment. For additional details, see the release notes.

The Splunk App for Windows Server Active Directory (hereafter known as the Splunk App for Active Directory) provides deep insight into your Windows Server Active Directory deployment. You can monitor the health of your forest, assess and dispatch security threats, and much more.

Use the Splunk App for Active Directory to:

  • Get a detailed topology report on all aspects of your AD forest, including all domains, sites, domain controllers (complete with operations master roles) and AD objects.
  • Monitor AD Directory Services performance, including replication throughput, search performance, and any anomalous events that might signal upcoming problems.
  • Explore various security aspects in your AD forest, including failed and anomalous logons and account utilization.
  • Track changes to various AD objects such as users, groups, computers and group policy objects.

How does it work?

The Splunk App for Active Directory runs on top of a Splunk deployment and gathers extensive Active Directory metrics, including but not limited to:

  • AD replication and health statistics
  • LDAP search statistics
  • Performance monitor statistics
  • Security, Directory Service and Domain Name System (DNS) server event logs

The app presents this data to you with reports and dashboards to give you full visibility into your Active Directory deployment.

How do I get it?

Download the Splunk App for Active Directory from Splunkbase.

How do I upgrade from a previous version?

If you are already running the Splunk App for Active Directory and want to upgrade, be sure to read "Upgrade the Splunk App for Active Directory" for important information and specific upgrading instructions.

For information on what's been fixed from the previous version, as well as any known issues in this version, review the release notes.

This documentation applies to the following versions of ActiveDirectory: 1.1, 1.1.4

