Splunk App for Windows Infrastructure: Why is my G...

daniel333 · ‎09-08-2018

all,

I am setting up the Splunk app for Windows Infrastructure. Dashboards I expect to work are working. HOW EVER I am not seeing:

Group Audit >> Full Group Membership dashboard is throwing this error.

External search command 'ldapgroup' returned error code 1. Script output = "error_message=Missing required value for alternatedomain in ldap/default. "

So far no other dashboards are having problems. I reviewed my SA-ldapsearch apps

here is my ldap.conf config

#ldap.conf
[somedomain.com]
  alternatedomain = SOMEDOMANI
  basedn = DC=somedomain,DC=com
  binddn = somedomain\SvcSplunkLDAP
  port = 389
  server = awesomeserver01
  ssl = 0

Any ideas here?

hettervik · ‎04-25-2019

I had the same problem. There seems to be a bug in the add-on. Try moving the configuration over to the default stanza instead of using a custom one (somedomain.com in your case).

See the following thread: https://answers.splunk.com/answers/172847/ldapfilter-is-giving-me-error-missing-required-val.html

woodcock · ‎09-14-2018

It is telling you what it needs. I don't know why but it requires you to configure an alternate domain in the default setting. Go back and add a value and it should work.

Splunk App for Windows Infrastructure: Why is my Group Membership dashboard throwing error "External search command 'ldapgroup' returned error code 1"?

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

Are you a member of the Splunk Community?

Splunk App for Windows Infrastructure: Why is my Group Membership dashboard throwing error "External search command 'ldapgroup' returned error code 1"?

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability