All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

MS Windows AD Objects: Why won't lookups build?

cdasong
Engager
‎08-25-2022 10:49 AM

I recently re-installed MS Windows AD Objects app due to some issues. After the re-install, I tried the lookups build configuration wizard, but it doesn't seem to build lookups even though wizard ran successfully with all green "successful" message. 

I tried reseting the admon baseline, adding manual domain input but still no luck. Indexes look correct, log is still getting ingested, 

I used pre-defined TA inputs.conf files, mainly working with 1 DC. This DC has below apps.
Splunk_TA_windows 
Splunk_TA_windows_dc
Splunk_TA_windows_admon 

Main lookup i'm trying to build is 'AD_User_LDAP_list' as my searches with this lookup shows error message "The lookup table 'AD_User_LDAP_list' requires a .csv or KV store lookup definition."

Can somebody point me to the right direction to fix this issue?

 
Labels (2)
Preview file
214 KB
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎08-26-2022 01:08 AM

Hi @cdasong,

check the lookup building scheduled searches, ofter in these searches there isn't the index to use and requires a little customization.

The other solution is to put all the indexes in the default path for searches, but I don't like because in this way you have slower searches.

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...