Splunk 5.x App for Active Directory

The Splunk App for Microsoft Windows Active Directory ONLY works on Splunk 5.x systems. For similar functionality on Splunk 6 and later editions, please use the Splunk App for Windows Infrastructure: http://apps.splunk.com/app/1680/

The Splunk App for Microsoft Windows Active Directory gathers performance metrics, log files, and PowerShell data from the domain controllers and DNS servers of a Microsoft Active Directory forest and its underlying infrastructure. It presents the data in a series of operational dashboards covering IT Operations, DNS Debugging, Security and Audit, and Change Management.

Release Notes


IT and Security professionals can now use at-a-glance dashboards for their services, users and infrastructure. Splunk Administrators can also use the custom commands within the product to augment information from other sources with Active Directory information, including IP address to username correlation. Splunk App for Active Directory comes with over fifty out-of-the-box dashboards and reports.

Splunk App for Active Directory is a comprehensive solution for managing your Microsoft Windows Server Active Directory forest. It contains dashboards for:

  • Monitoring the health of the Forest Domain Controllers and DNS Servers
  • Analyzing changes to the infrastructure
  • Monitoring logons and logoffs
  • Monitoring account lockouts and other problematic user access areas
  • Providing over 50 audit reports
  • Handling change management reporting

Splunk App for Active Directory supports Windows Server 2003 up to Windows Server 2012 and is fully supported by Splunk Support.

To install, download the suite, then follow the detailed instructions.

IMPORTANT: If upgrading from v1.0, please be sure to follow the upgrade information in the documentation. FAILURE TO FOLLOW UPGRADE INSTRUCTIONS WILL MEAN THE APP WILL NOT OPERATE AS INTENDED.

Version 1.2.2

Splunk Supported

Built by Splunk Inc