I'm relatively new to Splunk and some advice on deploying apps. I need to deploy the Windows Infrastructure App to get DNS logs into Splunk. That apps requires the Powershell add-on on the server and deploy it to the Universal Forwarder on the domain controllers.
I've installed the Powershell app on the Splunk server. Before deploying to the Universal Forwarder, I need to configure the inputs.conf file. There's nothing I actually want from this. I'm only installing it so I can proceed with Windows Infrastructure App. I presume I need to log something but I don't know that for a fact. What do you recommend I put in this file?
Also, the installation instructions for the Powershell add-on were not as specific as the Windows add-on. Do I need to create a new index for the Powershell app?
Thanks
↧