All Apps and Add-ons

Splunk App for Windows Infrastructure: Why is my Group Membership dashboard throwing error "External search command 'ldapgroup' returned error code 1"?



I am setting up the Splunk app for Windows Infrastructure. Dashboards I expect to work are working. HOW EVER I am not seeing:

Group Audit >> Full Group Membership dashboard is throwing this error.

External search command 'ldapgroup' returned error code 1. Script output = "error_message=Missing required value for alternatedomain in ldap/default. "

So far no other dashboards are having problems. I reviewed my SA-ldapsearch apps

here is my ldap.conf config

  alternatedomain = SOMEDOMANI
  basedn = DC=somedomain,DC=com
  binddn = somedomain\SvcSplunkLDAP
  port = 389
  server = awesomeserver01
  ssl = 0

Any ideas here?


I had the same problem. There seems to be a bug in the add-on. Try moving the configuration over to the default stanza instead of using a custom one ( in your case).

See the following thread:

Esteemed Legend

It is telling you what it needs. I don't know why but it requires you to configure an alternate domain in the default setting. Go back and add a value and it should work.

0 Karma
Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.