Sorry if my questions sounds silly but this is my first Splunk deployment plus I am not even familiar working with AD and Exchange.
I had to configure Splunk to collect Active Directory and Microsoft Exchange logs.
For AD, I configured Splunk app for Windows Infrastructure and for Exch, I configured Splunk App for Microsoft Exchange. Later, I found out that Exchange app also provides A.D data but not sure too how much extent.
So my question is, whether Exchange app can also be used for AD logs or Windows Infra app is also required for AD logs ?
The only difference I found from the main dashboards of both apps, in terms of AD data, is Exchange has "User" & "Computer" info and Win Infra App has "DNS"
↧
Can Splunk app for Microsoft Exchange app be used for full-fledged Active Directory logs as well ?
↧