Re: Does Splunk for MS AD Objects 3.2.9 work on Sp...

napomokoetle · ‎05-14-2020

Hi,

Has anyone run the MS Windows AD Objects version 3.2.9 APP on Splunk Enterprise 8.0.x?
If so, how was your experience... did you get it to work... did you have to do anything special to get it working?

Any one know when might a version of the APP compatible with Splunk Enterprise 8.0.x be available?

Thanks in advance for your feedback.

shogan_splunk · ‎08-27-2020

Fyi, I just released an Update, version 4.0.3 that now fully supports Splunk Version 8.x. Although 3.2.9 would work, the dashboards with the tabs had issues.

FYI, Version 4.0.3 has a lot of changes, with the biggest part consisting of now using the KVstore vs csv lookups. This was needed for scalability purposes, but does greatly improve performance with synchronizing the lookups (ie applying diffs vs full rebuilds) and with performing lookups (Ex. ...| lookup lookup_usr AS src_user OUTPUT cn AS Admin_User). I also now use macro's for pointing to the indexes, instead of eventtypes.

If you are upgrading, or doing a new install, you will need to walk through the Configuration - Getting Data In dashboard to verify/update the appropriate macros and migrate/build the new kvstore lookups.

Does Splunk for MS AD Objects 3.2.9 work on Splunk Enterprise 8.0.x?

Streamline Data Ingestion With Deployment Server Essentials

Remediate Threats Faster and Simplify Investigations With Splunk Enterprise Security ...

Introduction to Splunk AI