Release Notes

 


Active directory support

This documentation does not apply to the most recent version of Splunk.

Read, monitor and audit Microsoft Active Directory from within Splunk.

Baseline the Active Directory schema to detect changes and identify key fields for extraction from Active Directory changes and other Windows events.

Detect changes in all of Active Directory, or target specific trees, domains or OUs for comprehensive change detection and auditing.

Use the user and machine metadata stored in Active Directory (names, locations, phone numbers, etc.) to decorate other event data at search time using the list lookup feature. See the GUID-to-name translation event decorations and search-time function provided in the Windows app as an example.

This documentation applies to the following versions of Splunk: 4.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10, 4.0.11.

