Install the Splunk Supporting Add-on for Active Directory
This topic provides instructions on how to install the Splunk Supporting Add-on for Active Directory.
Where to install it
The Splunk Supporting Add-on for Active Directory can be installed on a search head or a heavy forwarder.
It can also (optionally) be installed on search peers (indexers) when you want to distribute LDAP queries across those peers. Like the search head, the search peers must have access to Active Directory for this to work. See Install SA-LDAPsearch in a distributed deployment.
It does not perform any function when you install it on a universal or light forwarder.
How to install it
In most situations, you can install the add-on by using either Splunk Web or the CLI.
Once you install it, you must then configure it.
Install the add-on from the command line
On Splunk Enterprise, you can install the add-on from the command line, using the CLI.
- Download the Splunk Supporting Add-on for Active Directory from Splunk Apps, if you haven't already.
- Run the splunk install CLI command.
    > cd Program Files\splunk\bin
    > .\splunk install app <path>\splunk-support-for-active-directory-xxxx.tar.gz
    App 'sa-ldapsearch' is installed.
  Note: You might have to log into your Splunk Enterprise instance before it installs the app.
- Configure the Splunk Supporting Add-on for Active Directory.
Install the add-on using Splunk Web
You can also install the add-on using Splunk Web, provided you are doing so on a full instance of Splunk Enterprise. The most common use case for this method of installation is to provide support for another app installed on the same machine.
Splunk Web is available for installations of the Splunk Supporting Add-on for Active Directory only on full instances of Splunk Enterprise. It is not available for installations on universal forwarders or light forwarders.
- Download the Splunk Add-on for Windows from Splunk Apps, if you haven't already.
  Note: The file downloads with a .tar.gz extension. Do not attempt to run this file. You install it from within Splunk Enterprise.
- Log into Splunk Web on the Splunk Enterprise instance on which you want to install the app.
- Once logged in, click the App menu from the upper right menu bar, and select Manage apps...
- On the next page, click the Install app from file button.
- On the Upload a file screen, click Browse...
- Locate the downloaded splunk-support-for-active-directory-xxxx.tar.gz file and click Open.
- Click Upload. Splunk Enterprise opens the splunk-support-for-active-directory-xxxx.tar.gz package and installs the application.
- Click the Restart Splunk button or the link in the banner to restart Splunk.
  Note: A dialog box asking you if you are sure you want to restart Splunk may appear. Click OK to restart Splunk.
- Once Splunk restarts, click OK to return to the Splunk login page.
- Configure the Splunk Supporting Add-on for Active Directory.
Install SA-LDAPsearch in a distributed deployment
Use this procedure when you want to distribute LDAP queries across the search head and its search peers. It ensures that the LDAP configuration is the same across all of the peers.
- Confirm that the search head and search peers can access Active Directory.
- Install SA-LDAPsearch with Splunk Web.
- Configure the add-on with Splunk Web by adding a domain to the SA-LDAPsearch configuration.
- Click the Test connection button in the configuration page to confirm that the add-on can connect to the Active Directory domain you specified.
- Once the test succeeds, click Save to save the configuration.
- Repeat this process for all search peers in the deployment.
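The first step of this procedure can be checked from each machine before you install anything. The script below is an added example, not part of the add-on or of Splunk's documentation: it tests whether the host can reach each domain controller on the standard LDAP (389) and LDAPS (636) ports, and whether the LDAPS certificate is trusted by this host. The host name dc01.corp.example.com is a placeholder.

```python
# Added example (not Splunk code): pre-flight check for the first step above.
# Run on the search head and on every search peer, passing DC host names.
import socket
import ssl
import sys


def tcp_reachable(host, port, timeout=3.0):
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def ldaps_trusted(host, port=636, timeout=3.0):
    """True if the TLS handshake succeeds against this host's trust store and
    the certificate matches the host name."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
    except OSError:  # refused, timed out, or ssl.SSLError (untrusted/mismatched cert)
        return False


def preflight(domain_controllers, ldap_port=389, ldaps_port=636, timeout=3.0):
    """Return one result row per domain controller."""
    return [
        {
            "dc": dc,
            "ldap": tcp_reachable(dc, ldap_port, timeout),
            "ldaps": tcp_reachable(dc, ldaps_port, timeout),
            "ldaps_trusted": ldaps_trusted(dc, ldaps_port, timeout),
        }
        for dc in domain_controllers
    ]


if __name__ == "__main__":
    # Placeholder host name; pass your own DCs as arguments.
    hosts = sys.argv[1:] or ["dc01.corp.example.com"]
    rows = preflight(hosts)
    for row in rows:
        print(socket.gethostname(), row)
    # Non-zero exit if any DC is unreachable on both ports.
    sys.exit(0 if all(r["ldap"] or r["ldaps"] for r in rows) else 1)
```

A row with ldaps set to True but ldaps_trusted set to False means the port is open but this host does not trust the domain controller's certificate, or the certificate does not match the name you passed.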
This documentation applies to the following versions of Splunk® Supporting Add-on for Active Directory: 1.1.13, 2.0.0, 2.0.1