All Apps and Add-ons

MS Windows AD Objects: Why won't lookups build?

cdasong
Engager

I recently re-installed MS Windows AD Objects app due to some issues. After the re-install, I tried the lookups build configuration wizard, but it doesn't seem to build lookups even though wizard ran successfully with all green "successful" message. 

I tried reseting the admon baseline, adding manual domain input but still no luck. Indexes look correct, log is still getting ingested, 

I used pre-defined TA inputs.conf files, mainly working with 1 DC. This DC has below apps.
Splunk_TA_windows 
Splunk_TA_windows_dc
Splunk_TA_windows_admon 

Main lookup i'm trying to build is 'AD_User_LDAP_list' as my searches with this lookup shows error message "The lookup table 'AD_User_LDAP_list' requires a .csv or KV store lookup definition."

Can somebody point me to the right direction to fix this issue?

 
Labels (2)
0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @cdasong,

check the lookup building scheduled searches, ofter in these searches there isn't the index to use and requires a little customization.

The other solution is to put all the indexes in the default path for searches, but I don't like because in this way you have slower searches.

Ciao.

Giuseppe

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...