I have Splunk Cloud and on here I have the Splunk App for Windows Infrastructure installed. I also have the Splunk Supporting Add-on for Active Directory installed (which I was told was needed) on Splunk Cloud. However, I'm not so sure this is correct because the configuration of this supporting Add-on looks very much like it needs to be within my local network.

In my local network, I have a domain controller with the Splunk Add-on for Microsoft Windows installed and this is sending data to my Splunk Cloud indexes. However, some of my dashboards display errors like this:

[subsearch]: External search command 'ldapsearch' returned error code 1. Script output = "error_message=Cannot find the configuration stanza for domain=MYDOMAIN in ldap.conf. "

I've been reading through the docs again and it seems like I need to have LDAP searches configured and working which appear to be part of the Supporting Add-on for Active Directory. However, another post I read said that the Splunk Add-on for Microsoft Windows removes the need for this supporting add-on.

I'm wholly confused at the moment. Can someone clear this up for me? I just want to get all data working correctly on the Splunk App for Windows Infrastructure hosted in my Splunk Cloud environment. Documentation just feels like an utter minefield. Am I missing an app on my local server or have I missed a piece of key config on the Splunk Add-on for Microsoft Windows App?