All Apps and Add-ons

Lookup table 'HostInfo' and 'tSessions' is empty?

buchanaj
Engager

Hello,
I am trying to use Splunk App for Active Directory
I have many features of the App working, however most of the searches under the Security tab fail, and all of the searches under the Change Mgmt tab fail.

Security > Audit > Computer Audit produces the following errors:
[subsearch]: No matching fields exist
Lookup table 'HostInfo' is empty.
No matching fields exist

Change Mgmt > User Record Changes produces the following errors:
No matching fields exist
Lookup table 'tSessions' is empty.
Lookup table 'HostInfo' is empty.

I believe I have SA-ldapsearch configured correctly.
Security > Reports > Computer Accounts > Computers: All
Works great and without error.

Per this post of someone previously with the same error:

http://answers.splunk.com/answers/52299/issues-with-splunk-app-for-active-directory/52308

1) I have created the Audit GPO as detailed in the installation manual and assigned it to all of my domains
2) I have been attempting these searches with a time frame of last 7 days
3) My environment is not very complex

My central index is running:
Splunk Version 6.0.2
Splunk Build 196940
Splunk App for Active Directory 1.2.2
Server OS: Windows 7 Professional SP1 64bit

Thank you in advance!

0 Karma

hatbeard
Explorer

I know this is a little old, but I found this while having the same issue.

I ended up fixing it by going into lookup definitions under settings->lookups and disabling/re-enabling the lookup.

0 Karma
Get Updates on the Splunk Community!

.conf23 Registration is Now Open!

Time to toss the .conf-etti 🎉 —  .conf23 registration is open!   Join us in Las Vegas July 17-20 for ...

Don't wait! Accept the Mission Possible: Splunk Adoption Challenge Now and Win ...

Attention everyone! We have exciting news to share! We are recruiting new members for the Mission Possible: ...

Unify Your SecOps with Splunk Mission Control

In today’s post, I'm excited to share some recent Splunk Mission Control innovations. With Splunk Mission ...