Re: Search Activity & Splunk Support for Active Di...

banderson7 · ‎01-21-2016

I have a search head cluster, and the Search Activity app is installed outside the cluster, on my DMC. SA-Active Directory is installed, and is connected to my domains. When I go into the setup for Search Activity, and select SA-LDAPSearch, domains shows 1 of the 2 domains in the SA. Below the Domains drop-down are Update Domain and Re-run LDAPSearch buttons. Clicking either of those does nothing, and the same with Save Config Choice. Can you help w/ this please?

Thanks.

jkleensang · ‎01-23-2017

I fixed this by adding SA-ldapsearch to the import directive in local.meta

[]
access = read : [ admin ], write : [ admin ]
export = none
version = 6.5.1
modtime = 1485198715.460184000
import = search, search_activity, SA-ldapsearch

After doing this, restart or issue a debug/refresh.

jkleensang · ‎01-23-2017

eh - maybe I spoke too soon. I had found that (at least one) the underlying problem was ldapsearch wasn't being recognized as valid command when trying to manually run the saved search that generates the lookup. However it appears that there's something else in the mix that I'll have to check out tomorrow.

jkleensang · ‎01-24-2017

Came in today and now it's working. Not sure what to make of it.

Search Activity & Splunk Support for Active Directory: No LDAP information was found

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms