All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk App for Windows Infrastructure AD issue

zwillis24
New Member
‎04-06-2014 01:10 PM

I'm trying to get the Splunk App for Windows Infrastructure working (works for windows events but nothing else) and I'm running into some problems with AD. I believe I have everything setup correctly. I can search AD, for example, |ldapsearch domain=DOMAIN search="(cn=Administrator)" returns a result. However, when I do this search eventtype=msad-dc-health it returns nothing. And when I try to run one of the macros, like domain-list|dedup host|outputlookup DomainList.csv, it returns Error in 'SearchParser': Could not find macro 'domain-list' that takes 0 arguments. Expecting stanza name 'domain-list'. What am I doing wrong? I've also tried the legacy AD app without success. All the prerequisites appear to be met. Nothing ever populates in the apps AD queries. Thanks.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

zwillis78
Engager
‎04-24-2014 02:35 AM

Fix by Splunk support. There was an issue with the newest version of the Active Directory app.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

zwillis78
Engager
‎04-24-2014 02:35 AM

Fix by Splunk support. There was an issue with the newest version of the Active Directory app.

0 Karma
Reply
Solved! Jump to solution

dwithers
Explorer
‎04-16-2014 05:26 AM

have you verified your ldapsearch is working properly? Specifically the SA-ldapsearch addon required?

0 Karma
Reply
Solved! Jump to solution

zwillis24
New Member
‎04-16-2014 11:29 AM

I did. That is working fine. I can search AD and AD changes are being indexed.

0 Karma
Reply
Solved! Jump to solution

dbylertbg
Path Finder
‎04-11-2014 01:04 PM

Have you deployed the TAs for active directory monitoring?

Specifically: TA-DNSServer-NT5 TA-DNSServer-NT6 TA-DomainController-2012R2 TA-DomainController-NT5 TA-DomainController-NT6 (as appropriate)

0 Karma
Reply
Solved! Jump to solution

zwillis24
New Member
‎04-11-2014 03:50 PM

Thanks for the reply. I do have those setup in local folders... I think correctly. Any reason why I would be getting this error Error in 'SearchParser': Could not find macro 'domain-list' that takes 0 arguments. Or anything else you can think of that I might be missing? I went through the setup docs very closely. Thanks!

0 Karma
Reply
Register for .conf25!
Get Updates on the Splunk Community!

AppDynamics Summer Webinars

This summer, our mighty AppDynamics team is cooking up some delicious content on YouTube Live to satiate your ...

SOCin’ it to you at Splunk University

Splunk University is expanding its instructor-led learning portfolio with dedicated Security tracks at .conf25 ...

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Organizations handling credit card transactions know that PCI DSS compliance is both critical and complex. The ...