MS Windows AD Objects - How to finish setup


The automatic setup in this app will not complete (Overview shows not configured). 

Getting Data In dashboards will never complete its lookup creation (even though the lookups were created). Also, the "Check Data" portion always shows the indexes created by are missing data. Admin user has all these indexes configured for default search.




Is there a checkbox missing somewhere that I haven't selected or something? 

This screen will remain as is for days:



If it is completed and the app is done being set up, how do the dashboards get replaced with info from this app in the Splunk App For Windows Infrastructure?

0 Karma


@shogan_splunk , I'm having a similar issue. 

@nortonjco , can you please tell us which macro was looking at the SH for the index size?

0 Karma


I know Steve is working on an updated app which will fix some of these issues; however, I was able to get the “missing data” part to populate by changing the splunk_server=local to splunk_server=idx* in the macro “ms_ad_obj_cfg_idx_avail”.

So you can change the splunk_server=local to what matches your environment. In my case we are using Splunk Cloud, so idx* worked.

0 Karma


Found that the indexes "Warning: indexes created but some or all missing data" was because one of the macros is trying to determine index size from the SH. 

Fixed that, but it still does not allow the app to finish setup.

All of the lookups get created, however the app doesn't see that it has been done.

I need to be able to complete the app setup so that the dashboards in "Splunk App for Windows Infrastructure" will begin using the data from "MS Windows AD Objects".

Is there a way to manually accomplish this (I'm assuming it would be accomplished automatically if the app completes configuration)?

