All Apps and Add-ons

MS Windows AD Objects: Why won't lookups build?

cdasong
Engager

I recently re-installed MS Windows AD Objects app due to some issues. After the re-install, I tried the lookups build configuration wizard, but it doesn't seem to build lookups even though wizard ran successfully with all green "successful" message. 

I tried reseting the admon baseline, adding manual domain input but still no luck. Indexes look correct, log is still getting ingested, 

I used pre-defined TA inputs.conf files, mainly working with 1 DC. This DC has below apps.
Splunk_TA_windows 
Splunk_TA_windows_dc
Splunk_TA_windows_admon 

Main lookup i'm trying to build is 'AD_User_LDAP_list' as my searches with this lookup shows error message "The lookup table 'AD_User_LDAP_list' requires a .csv or KV store lookup definition."

Can somebody point me to the right direction to fix this issue?

 
Labels (2)
0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @cdasong,

check the lookup building scheduled searches, ofter in these searches there isn't the index to use and requires a little customization.

The other solution is to put all the indexes in the default path for searches, but I don't like because in this way you have slower searches.

Ciao.

Giuseppe

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...