All Apps and Add-ons
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

MS Windows AD Objects: Why won't lookups build?

cdasong
Engager
‎08-25-2022 10:49 AM

I recently re-installed MS Windows AD Objects app due to some issues. After the re-install, I tried the lookups build configuration wizard, but it doesn't seem to build lookups even though wizard ran successfully with all green "successful" message. 

I tried reseting the admon baseline, adding manual domain input but still no luck. Indexes look correct, log is still getting ingested, 

I used pre-defined TA inputs.conf files, mainly working with 1 DC. This DC has below apps.
Splunk_TA_windows 
Splunk_TA_windows_dc
Splunk_TA_windows_admon 

Main lookup i'm trying to build is 'AD_User_LDAP_list' as my searches with this lookup shows error message "The lookup table 'AD_User_LDAP_list' requires a .csv or KV store lookup definition."

Can somebody point me to the right direction to fix this issue?

 
Labels (2)
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎08-26-2022 01:08 AM

Hi @cdasong,

check the lookup building scheduled searches, ofter in these searches there isn't the index to use and requires a little customization.

The other solution is to put all the indexes in the default path for searches, but I don't like because in this way you have slower searches.

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

The Latest Cisco Integrations With Splunk Platform!

Join us for an exciting tech talk where we’ll explore the latest integrations in Cisco + Splunk! We’ve ...

AI Adoption Hub Launch | Curated Resources to Get Started with AI in Splunk

Hey Splunk Practitioners and AI Enthusiasts! It’s no secret (or surprise) that AI is at the forefront of ...
Top