Hi All,
I need to remove users from splunk, which they are no longer exist in company but user is still exists in splunk
Any search query to find user, whoever not using splunk since couple of weeks.
Thanks,
Tarak
Hi
see these links which show a query to find user
https://answers.splunk.com/answers/233593/how-to-retrieve-current-user-in-splunk.html
https://answers.splunk.com/answers/28633/current-user-in-search.html
For LDAP authentication, you can find the users who left the company and their LDAP account is deleted using following search
index=_internal sourcetype=splunkd source=*splunkd.log component=AuthenticationManagerLDAP log_level=ERROR "Could not find" | table user
Hi
see these links which show a query to find user
https://answers.splunk.com/answers/233593/how-to-retrieve-current-user-in-splunk.html
https://answers.splunk.com/answers/28633/current-user-in-search.html
thanks.
You forgot to vote it
FYI:- those are LDAP users