All Apps and Add-ons
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk App for Windows Infrastructure AD issue

zwillis24
New Member
‎04-06-2014 01:10 PM

I'm trying to get the Splunk App for Windows Infrastructure working (works for windows events but nothing else) and I'm running into some problems with AD. I believe I have everything setup correctly. I can search AD, for example, |ldapsearch domain=DOMAIN search="(cn=Administrator)" returns a result. However, when I do this search eventtype=msad-dc-health it returns nothing. And when I try to run one of the macros, like domain-list|dedup host|outputlookup DomainList.csv, it returns Error in 'SearchParser': Could not find macro 'domain-list' that takes 0 arguments. Expecting stanza name 'domain-list'. What am I doing wrong? I've also tried the legacy AD app without success. All the prerequisites appear to be met. Nothing ever populates in the apps AD queries. Thanks.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

zwillis78
Engager
‎04-24-2014 02:35 AM

Fix by Splunk support. There was an issue with the newest version of the Active Directory app.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

zwillis78
Engager
‎04-24-2014 02:35 AM

Fix by Splunk support. There was an issue with the newest version of the Active Directory app.

0 Karma
Reply
Solved! Jump to solution

dwithers
Explorer
‎04-16-2014 05:26 AM

have you verified your ldapsearch is working properly? Specifically the SA-ldapsearch addon required?

0 Karma
Reply
Solved! Jump to solution

zwillis24
New Member
‎04-16-2014 11:29 AM

I did. That is working fine. I can search AD and AD changes are being indexed.

0 Karma
Reply
Solved! Jump to solution

dbylertbg
Path Finder
‎04-11-2014 01:04 PM

Have you deployed the TAs for active directory monitoring?

Specifically: TA-DNSServer-NT5 TA-DNSServer-NT6 TA-DomainController-2012R2 TA-DomainController-NT5 TA-DomainController-NT6 (as appropriate)

0 Karma
Reply
Solved! Jump to solution

zwillis24
New Member
‎04-11-2014 03:50 PM

Thanks for the reply. I do have those setup in local folders... I think correctly. Any reason why I would be getting this error Error in 'SearchParser': Could not find macro 'domain-list' that takes 0 arguments. Or anything else you can think of that I might be missing? I went through the setup docs very closely. Thanks!

0 Karma
Reply
Get Updates on the Splunk Community!

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

The Latest Cisco Integrations With Splunk Platform!

Join us for an exciting tech talk where we’ll explore the latest integrations in Cisco + Splunk! We’ve ...

AI Adoption Hub Launch | Curated Resources to Get Started with AI in Splunk

Hey Splunk Practitioners and AI Enthusiasts! It’s no secret (or surprise) that AI is at the forefront of ...
Top