All Apps and Add-ons

Is it possible to have Splunk search active directory with UserID and return the user's real name?

fielding_rodney
New Member

My organization uses obscure UserID's for AD authentication (e.g. abc9999). Is it possible to have Splunk search AD with the UserID and return the user's real name during a search?

Example:

prod\abc9999 is John Doe

0 Karma

bmacias84
Champion

Hello,
Splunk provides an app called Splunk Support for Active Directory. This SA has a custom command to search AD and append information to your results.

Splunk Support for Active Directory

0 Karma

ChrisG
Splunk Employee
Splunk Employee

FWIW, that app provides supporting functions for the Splunk App for Windows Infrastructure (http://apps.splunk.com/app/1680/). The Windows Infrastructure app does have some reports on AD users: http://docs.splunk.com/Documentation/MSApp/1.0.3/MSInfra/ActiveDirectoryReports#User_Reports.

0 Karma

ChrisG
Splunk Employee
Splunk Employee

If you have a lookup that maps IDs to names, you can do it. You can read about this feature in Configure field lookups in the Knowledge Manager Manual.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...