All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Error when running reports in splunk for active directory

showard7500
Engager
‎09-11-2012 01:29 PM

When I run any of the reports in the splunk for active directory app I get the two following errors:

  1. external search command 'ldapsearc' returned error code 1.
  2. error: java.lang.arrayindexoutofboundsexception: 17

I have installed the 1.7.7 build 11 on the splunk server. The splunk server is 2008 R2. I have checked my ldap.conf file a few times and that all seems correct. Could someone guide me where to go from here.

Thanks

Reply

ahall_splunk
Splunk Employee
Splunk Employee
‎09-12-2012 11:58 AM

I suspect the java version. Can you run "java -version" and ensure it is Java SE 1.7.

Reply

ahall_splunk
Splunk Employee
Splunk Employee
‎09-12-2012 02:01 PM

Next step -

  1. Extract the ldapsearch command and run it within the search app - make sure it produces the same error (it should)
  2. Remove $SPLUNK_HOME/var/log/splunk/SA-ldapsearch.log
  3. Re-run the command, but add "debug=T" to the end to enable debug logging
  4. Check the same log file and see if there is something obvious.

If you have a support contract, please open a support case if this does not identify the issue.

0 Karma
Reply

showard7500
Engager
‎09-12-2012 12:50 PM

Here is the results

java version "1.7.0_07"
Java(TM) SE Runtime Environment (build 1.7.0_07-b11)
Java HotSpot(TM) 64-Bit Server VM (build 23.3-b01, mixed mode)

I would say it looks like the correct version

Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...