Splunk Cloud – Windows AD Management Quick Start Guide (Last Updated: 03/30/2018)
SplkCloud_Customer_Winfra_Quick_Start_Guide
Page Count: 18
- Splunk App for Windows Infrastructure and MS Windows AD Objects application Overview
- Step 1: Splunk Cloud Environment Configuration
- Step 2: Download Splunk Technical Add-Ons and Update Data Inputs
- Step 3: Splunk Universal Forwarder Installation on Target Windows Systems and AD DCs
- Step 4: Complete Setup of Splunk App for Windows Infrastructure and MS Windows AD Objects
- Appendix A – Splunk Current Cloud Customers – Support Case Steps
- Appendix B – Troubleshooting missing admon baseline or AD MSAD Health data
- Appendix C – Troubleshooting Splunk Communication Issues
  - First, check whether the Splunk Cloud instance is receiving Splunk UF internal logs:
  - No Splunk UF Internal Log Data: Troubleshooting Steps for Internal Logs Not Being Received by Indexer:
  - Check and Create Inbound/Outbound Rules for Windows Firewall
  - Check for the existence of outputs.conf in the system directory, and that the Splunk Cloud Universal Forwarder App has been installed:
  - No Splunk Data Input Data: Troubleshooting Steps for No Splunk Universal Forwarder Data Input Data Being Received by Indexer:
  - First, verify that the Windows data is not being indexed by Splunk:
  - Verify and Update Splunk Access Control Settings
  - Verify the Splunk TAs have been configured and added to the Splunk Universal Forwarder
- Appendix D – Enable Auditing in the Active Directory Environment
  - Enable Auditing on Windows Server 2008, Server 2008 R2, Server 2012, and Server 2012 R2
  - Advanced Auditing Settings:
  - Creating and verifying an advanced audit policy
  - To configure, apply, and validate an advanced domain logon audit policy setting, you must:
  - To configure an advanced domain logon audit policy setting
  - To ensure that Advanced Audit Policy Configuration settings are not overwritten
  - To update Group Policy settings
  - To verify that the advanced logon security audit policy settings were applied correctly