Hi,
I am interested in creating a search and alert for when a specific set of OUs contains members. The OU should typically be empty, and I would like to receive a notification when the OU contains Computers or Users.
I am new to Splunk, so apologies in advance if this request is trivial. I have checked the forum already before asking but am unable to find an answer.
Thanks
Write a search that fetches strings containing OUs. Extract the OU field (perhaps using rex), then filter out the empty values (where isnotnull(OU) is one way). Finally, save the search as an alert and make the triggering condition be that the number of results is not zero.
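The procedure in the answer above, written out as a complete SPL search. This is an added example, not the original poster's or answerer's search, and it rests on assumptions: that the events live in an index called ad with sourcetype ad:object, and that each event carries a distinguishedName field (the object's full AD DN) and an objectClass field. The watched OU paths and the DC suffix are placeholders to replace with your own. The rex pattern captures everything between the leading CN= component and the first ,DC= component, so nested OUs are kept intact; it does not handle DNs with escaped commas in the CN, which is rare for user and computer objects but worth knowing.

```spl
index=ad sourcetype="ad:object"
| rex field=distinguishedName "^CN=[^,]+,(?<OU>OU=.+?),DC="
| where isnotnull(OU)
| search OU IN ("OU=Quarantine,OU=Staging", "OU=Disabled,OU=Staging")
| eval objectType=case(match(objectClass, "computer"), "Computer", match(objectClass, "user"), "User", true(), "Other")
| stats count AS members, values(cn) AS objects BY OU, objectType
```

The case() checks for computer before user because an AD computer object's objectClass also lists user, so testing in the other order would classify every computer as a User. Save the search as an alert on a schedule that matches how often your AD data is pulled into Splunk, set the trigger condition to "Number of results is greater than 0", and the alert fires only when one of the listed OUs actually has something in it; the stats output gives you the OU, the object type, and the names of the objects found, which is what you want in the notification.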