Documentation > Splunk > Admin Manual > admon.conf

Admin Manual

 


Welcome to Splunk administration
What to do first
Use Splunk Web
Meet Splunk apps
Configure Splunk
Indexing with Splunk
Add data and configure inputs
Set up forwarding and receiving
Configure event processing
Configure event timestamping
Configure indexed field extraction
Manage users
Manage indexes
Define alerts
Set up backups and retention policies
Configure data security
Deploy to other Splunk instances
Set up distributed search
Manage search jobs
Use Splunk's command line interface (CLI)
Configuration file reference
Troubleshooting

admon.conf

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.

Contents

admon.conf

The following are the spec and example files for admon.conf.

admon.conf.spec

# Copyright (C) 2005-2010 Splunk Inc.  All Rights Reserved.  Version 4.1.5 
#
# This file contains potential attribute/value pairs to use when configuring Windows active
# directory monitoring.
# 
# To learn more about configuration files (including precedence) please see the documentation 
# located at http://www.splunk.com/base/Documentation/latest/Admin/Aboutconfigurationfiles

[<stanza name>]
	* There can be multiple configuration for any given Domain Controller,
	so this is a unique name related to that  particular set of configuration.

targetDC = <string>
	* Fully qualified domain name. This can also be empty, which then it will
	obtain the local computer DC and bind to its root DN.

startingNode = <string>
	* Specify a path to the directory tree in AD where to start monitoring,
	or else if left empty it will start at the root of the directory tree

monitorSubtree = <int 0|1>
	* Given the DC path, monitor subtree instead of a single level

disabled = <in 0|1>
	* Enables or disables this particular configuration

admon.conf.example

# Copyright (C) 2005-2010 Splunk Inc.  All Rights Reserved.  Version 4.1.5
#
# This file contains an example configuration for monitoring changes
# to the Windows active directory monitor. Refer to admon.conf.spec for details.
# The following is an example of a active directory monitor settings.
#
# To use one or more of these configurations, copy the configuration block into
# admon.conf in $SPLUNK_HOME/etc/apps/windows/local/. You must restart Splunk to enable configurations.
#
# To learn more about configuration files (including precedence) please see the documentation 
# located at http://www.splunk.com/base/Documentation/latest/Admin/Aboutconfigurationfiles

[default]
monitorSubtree = 1
disabled = 0

[NearestDC]
targetDc =
startingNode =
Retrieved from "http://docs.splunk.com/Documentation/Splunk/4.1.5/Admin/Admonconf"

This documentation applies to the following versions of Splunk: 4.1 , 4.1.1 , 4.1.2 , 4.1.3 , 4.1.4 , 4.1.5 View the Article History for its revisions.


You must be logged into splunk.com in order to post comments. Log in now.

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole. Feedback you enter here will be delivered to the documentation team.

Feedback submitted, thanks!