Error when running reports in splunk for active di...

showard7500 · ‎09-11-2012

When I run any of the reports in the splunk for active directory app I get the two following errors:

external search command 'ldapsearc' returned error code 1.
error: java.lang.arrayindexoutofboundsexception: 17

I have installed the 1.7.7 build 11 on the splunk server. The splunk server is 2008 R2. I have checked my ldap.conf file a few times and that all seems correct. Could someone guide me where to go from here.

Thanks

ahall_splunk · ‎09-12-2012

I suspect the java version. Can you run "java -version" and ensure it is Java SE 1.7.

ahall_splunk · ‎09-12-2012

Next step -

Extract the ldapsearch command and run it within the search app - make sure it produces the same error (it should)
Remove $SPLUNK_HOME/var/log/splunk/SA-ldapsearch.log
Re-run the command, but add "debug=T" to the end to enable debug logging
Check the same log file and see if there is something obvious.

If you have a support contract, please open a support case if this does not identify the issue.

showard7500 · ‎09-12-2012

Here is the results

java version "1.7.0_07"
Java(TM) SE Runtime Environment (build 1.7.0_07-b11)
Java HotSpot(TM) 64-Bit Server VM (build 23.3-b01, mixed mode)

I would say it looks like the correct version

Error when running reports in splunk for active directory

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Join the Conversation

Error when running reports in splunk for active directory

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...