Error

01-27-2021 08:08:46.410 -0300 WARN ScopedLDAPConnection - strategy="SIEM" LDAP Server returned warning in search for DN="OU=XX,DC=XX,DC=XX,DC=br". reason="Size limit exceeded"
1-27-2021 08:08:46.411 -0300 ERROR AdminHandler:AuthenticationHandler - Failed to retrieve a group with these settings. Consult your LDAP admin or see splunkd.log with ScopedLDAPConnection set to DEBUG for more information.

We have Splunk 8.1.1 on SUSE 12 and we are trying to connect to AD in order to allow some specific groups. The problem is that Splunk can only "see" a few groups. We have been changing the OU and all kinds of conditions, and the problem is the same. It is not a permission problem, because other tools with the same user can see all groups.

We have around +9.000 groups in AD. Splunk is able to see just 354 groups. We tried to include a static group to minimize the number of occurrences, but Splunk is not able to find the correct groups. It only sees older groups in AD. It can't see the new group that we created for this.

What are the options to find the problem? Has anyone else been through this?