All Apps and Add-ons

Active Directory

Path Finder


I am running splunk 6.6.3 . can anyone help me to Active Directory information into Splunk App for windows infrastructure. I have installed the Splunk AD addon and every sourcetype is eneabled on it. I am unable to get Groups, Group Plocy information, Organizational units information and Active Directory Health information.
All i am able to get is User Information. I am not able to generate default domain lookup tables.

Thanks in advance.

0 Karma


Can you try this command and check outcome:

Also there is troubleshooting doc available:

Also check _internal logs for any kind of error.

Path Finder

the ldap search command is resturning all the user related information. I am also looking to get "eventtype=msad-dc-health" and "DomainList.csv" as there are lots of dependencies on these to populate all the dashboards.

_internal logs doesnot not show errors related to AD or Ldap. Mostly Perfmon Errors.

Thank you.

0 Karma


Did you get anywhere with populating the msad-dc-health event type? I also cannot run some searches as "msad-dc-health" event type doesnt return anything.

0 Karma

Path Finder

Yes. I have resolved the issue, I am able to collect all the logs from AD. I have followed the following posts and was able to resolve it.

0 Karma
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...