Getting Data In

Active Directory: monitor only users data

giorgio_adami_m
Path Finder

Hi all!

I need to import users informations from AD.
The forest has a folder for each Country, and each country has the "users" folder (Ex: OU=users, OU=Country1, OU=intranet and OU=users, OU=Country2, OU=intranet).

I've tried to edit %SPLUNK_HOME%\bin\scripts\splunk-admon.path in this way:

$SPLUNK_HOME\bin\splunk-admon.exe -query "(&(sAMAccountType=805306368))"

It runs without errors, but i lose the format of the sourcetype "ActiveDirectory".

Any suggestion?
Thanks

Tags (1)
0 Karma
1 Solution

giorgio_adami_m
Path Finder

It seems that it's not possible to edit the query LDAP that splunk-admon launch to the target DC.
I've solved filtering events with props/transforms before forward/index them.

View solution in original post

0 Karma

giorgio_adami_m
Path Finder

It seems that it's not possible to edit the query LDAP that splunk-admon launch to the target DC.
I've solved filtering events with props/transforms before forward/index them.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...