Platform and hardware requirements
This topic discusses the underlying requirements for running the Splunk Supporting Add-on for Active Directory.
Hardware and Operating System requirements
The Splunk Supporting Add-on for Active Directory has memory, CPU, and disk requirements that meet standard hardware requirements for the core Splunk Enterprise platform. Deploy hardware that meets or exceeds these hardware requirements.
- For additional details about Splunk Enterprise system requirements, see "System requirements" in the core Splunk Enterprise documentation.
- For information about estimating hardware requirements for a Splunk deployment, see "Introduction to capacity planning for Splunk Enterprise" in the Capacity Planning Manual.
Operating system requirements
What versions of Splunk does the add-on support?
All Splunk Enterprise search heads require Splunk Enterprise version 6.2 or later.
What versions of Active Directory does the add-on support?
The Splunk Supporting Add-on for Active Directory supports the following versions of Active Directory:
- Microsoft Windows Server 2008 Active Directory Domain Services
- Microsoft Windows Server 2008 R2 Active Directory Domain Services
- Microsoft Windows Server 2012 Active Directory Domain Services
- Microsoft Windows Server 2012 R2 Active Directory Domain Services
The add-on does not support AD Lightweight Directory Services (AD LDS) or other Lightweight Directory Access Protocol (LDAP) server types.
Distributed installation of this add-on
This table provides a quick reference for installing this add-on onto a distributed deployment of Splunk Enterprise.
|Splunk instance type||Supported||Required||Comments|
|Search Heads||Yes||Yes||The host must have access to the domain controller for the domain or forest you want to get events from. The configurations you make must be identical across the search head and all search peers.|
|Indexers||On search peers only||Depends||If the indexer acts as a search peer, then you must install it on all indexers that act as search peers. The search peers must have access to the domain controller for the domain or forest you want to get events from. Additionally, the configurations you make must be identical across the search head and all other search peers.|
|Heavy Forwarders||Yes||No||In this configuration, you can route events from the add-on to other Splunk Enterprise instances based on the target index, or filter the data to extract only the events you want.|
|Universal Forwarders||No||No||The add-on does not perform any function when you install it on this type of Splunk instance.|
|Light Forwarders||No||No||The add-on does not perform any function when you install it on this type of Splunk instance. Also, light forwarder functionality has been deprecated and could be removed in a future version of the Splunk software.|
Distributed deployment compatibility
This table provides a quick reference for the compatibility of this add-on with Splunk distributed deployment features.
|Distributed deployment feature||Supported||Comments|
|Search Head Clusters||Yes||Configure your search head cluster first, then perform an installation of the add-on. The cluster replicates the configurations.|
|Deployment Server||Yes||You can deploy the add-on to search heads.|
What are the other prerequisites?
The 'admin_all_objects' Splunk account capability
The Splunk Supporting Add-on for Active Directory requires the
admin_all_objects capability to read storage passwords. The
admin user has this capability by default. If you do not want to use the
admin user, then any user you do use must have this capability added to its profile.
To learn more about Splunk users and assigning capabilities, see "About configuring role-based user access" in the core Splunk Enterprise platform documentation.
How to get support and find more information about Splunk Enterprise
Install the Splunk Supporting Add-on for Active Directory
This documentation applies to the following versions of Splunk® Supporting Add-on for Active Directory: 2.1.2, 2.1.3, 2.1.4