All Apps and Add-ons

Does Splunk for MS AD Objects 3.2.9 work on Splunk Enterprise 8.0.x?



Has anyone run the MS Windows AD Objects version 3.2.9 APP on Splunk Enterprise 8.0.x?
If so, how was your experience... did you get it to work... did you have to do anything special to get it working?

Any one know when might a version of the APP compatible with Splunk Enterprise 8.0.x be available?

Thanks in advance for your feedback.

0 Karma

Splunk Employee
Splunk Employee

Fyi, I just released an Update, version 4.0.3 that now fully supports Splunk Version 8.x.   Although 3.2.9 would work, the dashboards with the tabs had issues.   

FYI, Version 4.0.3 has a lot of changes, with the biggest part consisting of now using the KVstore vs csv lookups.   This was needed for scalability purposes, but does greatly improve performance with synchronizing the lookups (ie applying diffs vs full rebuilds) and with performing lookups (Ex. ...| lookup lookup_usr AS src_user OUTPUT cn AS Admin_User).   I also now use macro's for pointing to the indexes, instead of eventtypes.   

If you are upgrading, or doing a new install, you will need to walk through the Configuration - Getting Data In dashboard to verify/update the appropriate macros and migrate/build the new kvstore lookups.  

Tags (1)
0 Karma
Get Updates on the Splunk Community!

Infographic provides the TL;DR for the 2023 Splunk Career Impact Report

We’ve been shouting it from the rooftops! The findings from the 2023 Splunk Career Impact Report showing that ...

Splunk Lantern | Getting Started with Edge Processor, Machine Learning Toolkit ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...

Enterprise Security Content Update (ESCU) | New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 2 releases of new security content via the ...