I've been fighting with the Active Directory app for 4 days now, and I'm becoming frustrated. I had it working, except for some really strange hostname issues, which I was unable to resolve. At this point, I have uninstalled every universal forwarder, and the central Splunk install completely. I have deleted every single reference to Splunk from every file or directory that I can find. Is there any documentation for how to install Splunk from scratch, then install the Active Directory app and have all the features work?
The existing documentation is vague and unhelpful in some rather important spots. For example, when editing the conf files, it says I should ensure the correct indexes are set. What are the correct indexes? If I'm installing directly out of the box, do I need to change ANY conf file at all? Isn't there a "from nothing to monitor AD" guide somewhere out there?