Splunk® Supporting Add-on for Active Directory

Deploy and Use the Splunk Supporting Add-on for Active Directory (SA-LDAPSearch)


Upgrade the Splunk Supporting Add-on for Active Directory (SA-LDAPSearch)

Follow these steps to upgrade the Splunk Supporting Add-on for Active Directory (SA-LDAPSearch) from version 2.2.0 and higher:

  1. Download the latest version of the app from Splunkbase.
  2. Unpack the archive.
  3. Copy the Splunk Supporting Add-on for Active Directory folder to the %SPLUNK_HOME%\etc\apps folder on the search head(s) in your deployment. If prompted, overwrite the existing folder. The Splunk Supporting Add-on for Active Directory must be installed on all search heads and indexers in the deployment.
  4. Remove all the inline comments from the SA-ldapsearch\local\logging.conf file if present. These are examples of file stanzas that contain invalid inline comments:
    [logger_root]
    level = NOTSET              ; Default: WARNING
    handlers = LdapSearchLog    ; Default: stderr
    
    [logger_LdapSearchCommand]
    qualname = LdapSearchCommand
    level = NOTSET              ; Default: WARNING
    handlers = LdapSearchLog    ; Default: stderr
    propagate = 0               ; Default: 1
    

    Here's an example of the file stanza after removing the inline comments:

    [logger_root]
    level = NOTSET
    handlers = LdapSearchLog
    
    [logger_LdapSearchCommand]
    qualname = LdapSearchCommand
    level = NOTSET
    handlers = LdapSearchLog
    propagate = 0
    
  5. Restart Splunk Enterprise on the search head(s).
  6. Restart the deployment server.
  7. Log into Splunk Enterprise.
  8. Choose Splunk Supporting Add-on for Active Directory from the list of apps.
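
Step 4 can be done with a script when several search heads carry a customized `SA-ldapsearch\local\logging.conf`. The following is an added example, not code from Splunk or from the add-on: the function names are hypothetical, the sample text is constructed, and leaving `format`, `datefmt` and `args` values untouched is an assumption made here because those values may legitimately contain a semicolon.

```python
import re
import shutil
from pathlib import Path

# Whitespace followed by ';' and the rest of the line, as in the stanzas above.
INLINE_COMMENT = re.compile(r"\s+;.*$")
# Assumption: these keys hold free-form values that may contain ';', so skip them.
FREE_FORM_KEYS = {"format", "datefmt", "args"}

# Constructed sample mirroring the stanza on this page, plus a formatter line.
SAMPLE = """\
; full-line comment, kept
[logger_root]
level = NOTSET              ; Default: WARNING
handlers = LdapSearchLog    ; Default: stderr

[formatter_default]
format = %(asctime)s ; %(message)s
"""

def strip_inline_comments(text):
    """Return (cleaned_text, line numbers that were changed)."""
    cleaned, changed = [], []
    for number, line in enumerate(text.splitlines(), start=1):
        key, sep, _ = line.partition("=")
        # Only key = value lines are candidates; headers and full-line comments stay.
        is_setting = sep and not line.lstrip().startswith((";", "#", "["))
        if is_setting and key.strip().lower() not in FREE_FORM_KEYS:
            new_line = INLINE_COMMENT.sub("", line)
            if new_line != line:
                changed.append(number)
                line = new_line
        cleaned.append(line)
    trailing = "\n" if text.endswith("\n") else ""
    return "\n".join(cleaned) + trailing, changed

def clean_file(path):
    """Rewrite path in place, keeping a .bak copy; return changed line numbers."""
    path = Path(path)
    cleaned, changed = strip_inline_comments(path.read_text(encoding="utf-8"))
    if changed:
        shutil.copy2(path, path.with_name(path.name + ".bak"))
        path.write_text(cleaned, encoding="utf-8")
    return changed

if __name__ == "__main__":
    text, lines = strip_inline_comments(SAMPLE)
    print(f"changed lines: {lines}")
    print(text)
```

Review the returned line numbers against the `.bak` copy before restarting Splunk Enterprise in step 5.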
Last modified on 09 November, 2020

This documentation applies to the following versions of Splunk® Supporting Add-on for Active Directory: 2.2.1, 3.0.0, 3.0.1, 3.0.2, 3.0.3

