I recently installed openldap add-on on both splunk cloud instance and splunk enterprise security instance
However, the fields extraction only occurs within splunk cloud instance, not ES. How does this happen? What would be a fix for this?
I can see Splunk_TA_openldap being imported within ES when below command is performed. Seems like apps are being imported
| rest /servicesNS/admin/system/apps/local/SplunkEnterpriseSecuritySuite/import splunk_server=local | fields import