The Splunk App for Microsoft Windows Active Directory ONLY works on Splunk 5.x systems. For similar functionality on Splunk 6 and later editions, please use the Splunk App for Windows Infrastructure: http://apps.splunk.com/app/1680/
The Splunk App for Microsoft Windows Active Directory gathers performance metrics, log files, and PowerShell data from the domain controllers and DNS servers of a Microsoft Active Directory forest and its underlying infrastructure. It presents the data in a series of operational dashboards covering IT Operations, DNS Debugging, Security and Audit, and Change Management.
This [Windows | AD] App has been superseded by the new Windows Infrastructure app for use with Splunk 6.0. Please download the new application instead: http://apps.splunk.com/app/1680/
• Splunk version 4.3.6 no longer warns of a configuration conflict in %SPLUNK_HOME%\etc\apps\Splunk_for_ActiveDirectory\metadata\default.meta when started from the command line.
• The app now returns data for the "Failed Logons by IP Address" dashboard.
• A problem with the TA_DomainController_NT6 technology add-on was fixed. The TA now collects "Processor" performance metrics correctly.
1. TAs are now compatible with 5.x for perfmon data collection.
2. Registered new event codes (1014, 5782, 1056).
3. Improvement to Anomalous logons dashboard.
4. Fixed default.meta to remove warning messages on Splunk restart.
* Corrected detection of Inter-Site Topology Generator
* Corrected detection of failed logons
* Implemented numerous performance improvements
* Added more anomalous event codes
* Improved navigation and rendering in older browsers
* Updated the drop-downs for the Audit dashboards so you can specify a DNS Domain as well as a NetBIOS Domain name. This will assist when transitioning to Windows Server 2012 as well as cross-app linkage.
* Updated throughout to use the new SA-ldapsearch app, which is available on Splunkbase at http://splunk-base.splunk.com/apps/Splunk%20Support%20for%20Active%20Directory
* Corrected many search errors in combined NT5/NT6 environments.
IT and Security professionals can now use at-a-glance dashboards for their services, users and infrastructure. Splunk Administrators can also use the custom commands within the product to augment information from other sources with Active Directory information, including an IP address to Username correlation. Splunk App for Active Directory comes with over fifty out-of-the-box dashboards and reports.
Splunk App for Active Directory is a comprehensive solution for managing your Microsoft Windows Server Active Directory forest. It contains dashboards for:
- Monitoring the health of the Forest Domain Controllers and DNS Servers
- Analyzing changes to the infrastructure
- Monitoring logons and logoffs
- Monitoring account lockouts and other problematic user access areas
- Providing over 50 audit reports
- Handling change management reporting
Splunk App for Active Directory supports Windows Server 2003 up to Windows Server 2012 and is fully supported by Splunk Support.
To install, download the suite, then follow the detailed instructions
IMPORTANT: If upgrading from v1.0, please be sure to follow the upgrade information in the documentation. FAILURE TO FOLLOW UPGRADE INSTRUCTIONS WILL MEAN THE APP WILL NOT OPERATE AS INTENDED.