Platform and hardware requirements
This topic discusses the underlying requirements for running the Splunk Supporting Add-on for Active Directory.
Hardware and Operating System requirements
Hardware requirements
The Splunk Supporting Add-on for Active Directory has memory, CPU, and disk requirements that meet standard hardware requirements for the core Splunk Enterprise platform. Deploy hardware that meets or exceeds these hardware requirements.
- For additional details about Splunk Enterprise system requirements, see "System requirements" in the core Splunk Enterprise documentation.
- For information about estimating hardware requirements for a Splunk deployment, see "Introduction to capacity planning for Splunk Enterprise" in the Capacity Planning Manual.
Operating system requirements
You can install the add-on on Splunk Enterprise instances that run a supported operating system. See the list of supported Windows and *nix operating systems.
What versions of Splunk does the add-on support?
All Splunk Enterprise search heads require Splunk Enterprise version 6.2 or later.
What versions of Active Directory does the add-on support?
The Splunk Supporting Add-on for Active Directory supports the following versions of Active Directory:
- Microsoft Windows Server 2008 Active Directory Domain Services
- Microsoft Windows Server 2008 R2 Active Directory Domain Services
- Microsoft Windows Server 2012 Active Directory Domain Services
- Microsoft Windows Server 2012 R2 Active Directory Domain Services
The add-on does not support AD Lightweight Directory Services (AD LDS) or other Lightweight Directory Access Protocol (LDAP) server types.
How does the add-on work in a distributed Splunk Enterprise environment?
The Splunk Supporting Add-on for Active Directory works on a single search head. There is no support for operation in an environment that has search head pooling or search head clustering enabled.
It can also be installed on a Splunk Enterprise instance that you have configured as a heavy forwarder. In this configuration, you can route output from the add-on to other Splunk Enterprise instances based on target index, or filter the data to extract only the events you want.
The add-on does not perform any specific function when you install it on a universal forwarder, or an indexer that has not also been configured as a search head.
What are the other prerequisites?
The 'admin_all_objects' Splunk account capability
The Splunk Supporting Add-on for Active Directory requires the admin_all_objects
capability to read storage passwords. The admin
user has this capability by default. If you do not want to use the admin
user, then any user you do use must have this capability added to its profile.
To learn more about Splunk users and assigning capabilities, see "About configuring role-based user access" in the core Splunk Enterprise platform documentation.
PREVIOUS How to get support and find more information about Splunk Enterprise |
NEXT Install the Splunk Supporting Add-on for Active Directory |
This documentation applies to the following versions of Splunk® Supporting Add-on for Active Directory: 2.0.0, 2.0.1, 2.1.0, 2.1.1
Feedback submitted, thanks!