Splunk® Enterprise

Admin Manual

Download manual as PDF

Splunk Enterprise version 5.0 reached its End of Life on December 1, 2017. Please see the migration information.
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Download topic as PDF

admon.conf

admon.conf

The following is the spec file for admon.conf.

admon.conf spec

# Copyright (C) 2005-2012 Splunk Inc. All Rights Reserved.  Version 5.0 
#
# This file contains attribute/value pairs to use when configuring Windows 
# Active Directory monitoring.
# 
# To learn more about configuration files (including precedence) please see
# the documentation located at 
# http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles

# GLOBAL SETTINGS
# Use the [default] stanza to define any global settings.
#     * You can also define global settings outside of any stanza, at the top of the file.
#     * Each conf file should have at most one default stanza. If there are multiple default 
#       stanzas, attributes are combined. In the case of multiple definitions of the same 
#       attribute, the last definition in the file wins.
#     * If an attribute is defined at both the global level and in a specific stanza, the 
#       value in the specific stanza takes precedence.

[<stanza name>]
* A unique name that represents a configuration or set of configurations for
  a specific domain controller (DC).
* Multiple configurations are possible for any given DC.

targetDc = <string>
* Specifies a fully qualified domain name of a valid, network-accessible DC. 
* If not specified, Splunk will obtain the local computer's DC by default, and
  bind to its root Distinguished Name (DN).

startingNode = <string>
* Tells Splunk where in the Active Directory directory tree to start monitoring. 
* If not specified, Splunk will attempt to start at the root of the directory
  tree, by default.
* Where Splunk starts monitoring is determined by the user Splunk is configured
  to run as on the computer running Active Directory monitor.

monitorSubtree = [0|1]
* Tells Splunk whether or not to monitor the subtree(s) of a given directory
  tree path.
* Defaults to 1 (monitor subtrees of a given directory tree path).

disabled = [0|1]
* Tells Splunk whether or not the stanza is enabled.
* Defaults to 0 (enabled.)

index = <string>
* Tells Splunk which index to store incoming data into for this stanza.
* This field is optional.
* Defaults to the default index.
PREVIOUS
Use the CLI to administer a remote Splunk Enterprise instance
  NEXT
alert_actions.conf

This documentation applies to the following versions of Splunk® Enterprise: 5.0


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters