Platform and hardware requirements
This topic discusses the underlying requirements for running the Splunk Supporting Add-on for Active Directory.
Hardware and Operating System requirements
Hardware requirements
The Splunk Supporting Add-on for Active Directory has memory, CPU, and disk requirements that meet standard hardware requirements for the core Splunk Enterprise platform. Deploy hardware that meets or exceeds these hardware requirements.
- For additional details about Splunk Enterprise system requirements, see "System requirements" in the core Splunk Enterprise documentation.
- For information about estimating hardware requirements for a Splunk deployment, see "Introduction to capacity planning for Splunk Enterprise" in the Capacity Planning Manual.
Operating system requirements
You can install the add-on on Splunk Enterprise instances that run a supported operating system. See the list of supported Windows and *nix operating systems.
What versions of Splunk does the add-on support?
The following table provides compatibility information for the Splunk Supporting Add-on for Active Directory versions and supported Splunk platform versions.
| Compatible Splunk platform version | Compatible SA-LDAPSearch version |
|---|---|
| 7.0.x | 2.1.4 |
| 7.0.x | 2.1.6 |
| 7.0.x to 7.1.x | 2.1.7 |
| 7.0.x to 7.2.x | 2.1.8 |
| 7.0.x to 7.2.x | 2.2.0 |
| 7.1.x to 7.3.x | 2.2.1 |
| 7.2.x to 8.0.x | 3.0.0 |
| 7.2.x to 8.1.0 | 3.0.1 |
What versions of Active Directory does the add-on support?
The Splunk Supporting Add-on for Active Directory supports the following versions of Active Directory:
- Microsoft Windows Server 2008 Active Directory Domain Services
- Microsoft Windows Server 2008 R2 Active Directory Domain Services
- Microsoft Windows Server 2012 Active Directory Domain Services
- Microsoft Windows Server 2012 R2 Active Directory Domain Services
- Microsoft Windows Server 2016 Active Directory Domain Services
The add-on does not support AD Lightweight Directory Services (AD LDS) or other Lightweight Directory Access Protocol (LDAP) server types.
Distributed installation of this add-on
This table provides a quick reference for installing this add-on onto a distributed deployment of Splunk Enterprise.
| Splunk instance type | Supported | Required | Comments |
|---|---|---|---|
| Search Heads | Yes | Yes | The host must have access to the domain controller for the domain or forest you want to get events from. The configurations you make must be identical across the search head and all search peers. |
| Indexers | On search peers only | Depends | If the indexer acts as a search peer, then you must install it on all indexers that act as search peers. The search peers must have access to the domain controller for the domain or forest you want to get events from. Additionally, the configurations you make must be identical across the search head and all other search peers. |
| Heavy Forwarders | Yes | No | In this configuration, you can route events from the add-on to other Splunk Enterprise instances based on the target index, or filter the data to extract only the events you want. |
| Universal Forwarders | No | No | The add-on does not perform any function when you install it on this type of Splunk instance. |
| Light Forwarders | No | No | The add-on does not perform any function when you install it on this type of Splunk instance. Also, light forwarder functionality has been deprecated and could be removed in a future version of the Splunk software. |
Distributed deployment compatibility
This table provides a quick reference for the compatibility of this add-on with Splunk distributed deployment features.
| Distributed deployment feature | Supported | Comments |
|---|---|---|
| Search Head Clusters | Yes | Configure your search head cluster first, then perform an installation of the add-on. The cluster replicates the configurations. |
| Indexer Clusters | No | |
| Deployment Server | Yes | You can deploy the add-on to search heads. |
What are the other prerequisites?
The admin_all_objects Splunk account capability
The Splunk Supporting Add-on for Active Directory requires the admin_all_objects capability to read storage passwords. The user has this capability by default. If you want to use the add on with the non-admin user, then you must have this capability added to its profile.
The list_settings Splunk account capability
When you are using the SA-ldapsearch with the SSL settings enabled for the domains, The Splunk Supporting Add-on for Active Directory requires the list_settings capability to read the sslConfig setting from the server.conf. The admin user has this capability by default. If you want to use the addon with the non-admin user, then you must have this capability added to its profile.
To learn more about Splunk users and assigning capabilities, see About configuring role-based user access. in the core Splunk Enterprise platform documentation.
| How to get support and find more information about Splunk Enterprise | Install the Splunk Supporting Add-on for Active Directory |
This documentation applies to the following versions of Splunk® Supporting Add-on for Active Directory: 3.0.0, 3.0.1
Download manual
Feedback submitted, thanks!