Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Quick question about AD app 'GroupType' does not exist [pic]

eafitt
Path Finder
‎10-31-2012 07:22 AM

Where is this error coming from? or is this problem within the AD app directory or something with my central splunk server?

http://www.freeimagehosting.net/oinp6

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ahall_splunk
Splunk Employee
Splunk Employee
‎10-31-2012 07:54 AM

It's something with your AD app install.

In default/transforms.conf, there is a stanza for GroupType - it basically converts the event type into a field GroupType that contains Security or Distribution. This is backed by a CSV file in lookups/

By default, this happens on your search head and it is passed down to indexers in the replication bundle if you have a separate indexer. However, it should just automatically be there. So, I believe the issue is in your install.

View solution in original post

Reply
Solved! Jump to solution
Solution

ahall_splunk
Splunk Employee
Splunk Employee
‎10-31-2012 07:54 AM

It's something with your AD app install.

In default/transforms.conf, there is a stanza for GroupType - it basically converts the event type into a field GroupType that contains Security or Distribution. This is backed by a CSV file in lookups/

By default, this happens on your search head and it is passed down to indexers in the replication bundle if you have a separate indexer. However, it should just automatically be there. So, I believe the issue is in your install.

Reply
Solved! Jump to solution

eafitt
Path Finder
‎11-02-2012 05:46 AM

It is in the AD app, could it be something with the actual csv file?
http://www.freeimagehosting.net/s86fw

0 Karma
Reply
Solved! Jump to solution

ahall_splunk
Splunk Employee
Splunk Employee
‎11-01-2012 10:52 AM

Make sure the GroupType lookup is exported properly (go into Manager->Lookups and export it to system)

0 Karma
Reply
Solved! Jump to solution

eafitt
Path Finder
‎11-01-2012 07:57 AM

Actually this error is coming up in every app that I have not just the AD app which I got working.

0 Karma
Reply
Solved! Jump to solution

ahall_splunk
Splunk Employee
Splunk Employee
‎10-31-2012 09:56 AM

Read the documentation on http://docs.splunk.com for detailed instructions on how to install the AD app.

0 Karma
Reply
Solved! Jump to solution

eafitt
Path Finder
‎10-31-2012 08:39 AM

Ok I'll go back through the install. Also would there happen to be a video or better reference to deploying splunk app for AD? I've been through all the documents on splunk base as well as the readme within the app multiple times and still can't get it to work.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...