Solved: How do I extract a certain OU from my DN in my act...

DPWSplunkPOC · ‎02-23-2017

I would like to extract a certain portion of my AD data to identify a certain OU. The OU I want to extract always appears before the ,ou=field. So, my data might look like this:

CN=username, OU=value1, OU=value2, OU=value3, ou=value4, dc=value5

But sometimes my data might include an extra OU=, so a simple pattern match does not work. For example another string may look like this:

CN=username, OU=value1, OU=value2, OU=value3, OU=value4, ou=value5, dc=value6

If I have those to strings I would want the regex to give me value3 from the first string and value4 from the second string.

The regex I have is close but is capturing between value,ou when looking at OU=value,ou=value

Here is the regex I developed so far:

\bOU\b=(\w+)?(?P< agency >),ou

DPWSplunkPOC · ‎02-23-2017

I figured it out.

\bOU\b=(\w+)?(?P< agency >\w{2}),ou

View solution in original post

DPWSplunkPOC · ‎02-23-2017

I figured it out.

\bOU\b=(\w+)?(?P< agency >\w{2}),ou

How do I extract a certain OU from my DN in my active directory data?

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor