Splunk server integration
Using this integration, you can forward logs from ADManager Plus to the Splunk server for detailed auditing.
Steps to configure the Splunk server settings with ADManager Plus
- Log in to ADManager Plus and navigate to the Admin tab.
- Under System Settings, click Integrations.
- Under Log Forwarding, click Splunk.
- Check the Enable forwarding of ADManager Plus Data box to enable log forwarding to the Splunk server.
- Configure the following:
- Splunk Server: Enter the Splunk server name.
- HTTP Event Collector Port: Enter the port number used by the HTTP Event Collector.
- Authentication Token: Enter the HTTP Event Collector authentication token. Ensure that in the Splunk Event Collector settings, the Default Source Type is log4j and the Default Index is history. Click here to learn how to create an Event Collector token on your Splunk server.
- SSL Enabled: Select Yes or No based on whether SSL is enabled or not on your Splunk server. If you select Yes, then specify the path at which the certificate is located in the Root CA Certificate Path field.
- Click Save.
Note:
- The Enable Integration button is turned on by default. Toggle it off to disable Splunk integration.
- Log forwarding is supported for Splunk Cloud as well. Click here to learn how to integrate Splunk Cloud.
Actions supported
Forward logs on AD management actions performed using ADManager Plus