All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Active Directory

omprakash9998
Path Finder
‎03-19-2018 06:48 AM

Hi,

I am running splunk 6.6.3 . can anyone help me to Active Directory information into Splunk App for windows infrastructure. I have installed the Splunk AD addon and every sourcetype is eneabled on it. I am unable to get Groups, Group Plocy information, Organizational units information and Active Directory Health information.
All i am able to get is User Information. I am not able to generate default domain lookup tables.

Thanks in advance.

0 Karma
Reply

p_gurav
Champion
‎03-19-2018 11:46 PM

Can you try this command and check outcome:
https://docs.splunk.com/Documentation/SA-LdapSearch/2.1.6/User/Theldapsearchcommand

Also there is troubleshooting doc available:
https://docs.splunk.com/Documentation/SA-LdapSearch/2.1.6/User/UseSA-ldapsearchtotroubleshootproblem...

Also check _internal logs for any kind of error.

Reply

omprakash9998
Path Finder
‎03-20-2018 07:35 AM

the ldap search command is resturning all the user related information. I am also looking to get "eventtype=msad-dc-health" and "DomainList.csv" as there are lots of dependencies on these to populate all the dashboards.

_internal logs doesnot not show errors related to AD or Ldap. Mostly Perfmon Errors.

Thank you.

0 Karma
Reply

ajhstn
Explorer
‎11-06-2018 08:08 PM

Did you get anywhere with populating the msad-dc-health event type? I also cannot run some searches as "msad-dc-health" event type doesnt return anything.

0 Karma
Reply

omprakash9998
Path Finder
‎11-07-2018 06:14 AM

Yes. I have resolved the issue, I am able to collect all the logs from AD. I have followed the following posts and was able to resolve it.

https://www.splunk.com/blog/2012/10/21/splunk-app-for-active-directory-and-the-top-10-issues.html

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | Why did the turkey cross the road?

November 2025 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Feel the Splunk Love: Real Stories from Real Customers

Hello Splunk Community,    What’s the best part of hearing how our customers use Splunk? Easy: the positive ...