All Apps and Add-ons
Highlighted

Is it possible to have Splunk search active directory with UserID and return the user's real name?

New Member

My organization uses obscure UserID's for AD authentication (e.g. abc9999). Is it possible to have Splunk search AD with the UserID and return the user's real name during a search?

Example:

prod\abc9999 is John Doe

0 Karma
Highlighted

Re: Is it possible to have Splunk search active directory with UserID and return the user's real name?

Splunk Employee
Splunk Employee

If you have a lookup that maps IDs to names, you can do it. You can read about this feature in Configure field lookups in the Knowledge Manager Manual.

0 Karma
Highlighted

Re: Is it possible to have Splunk search active directory with UserID and return the user's real name?

Champion

Hello,
Splunk provides an app called Splunk Support for Active Directory. This SA has a custom command to search AD and append information to your results.

Splunk Support for Active Directory

0 Karma
Highlighted

Re: Is it possible to have Splunk search active directory with UserID and return the user's real name?

Splunk Employee
Splunk Employee

FWIW, that app provides supporting functions for the Splunk App for Windows Infrastructure (http://apps.splunk.com/app/1680/). The Windows Infrastructure app does have some reports on AD users: http://docs.splunk.com/Documentation/MSApp/1.0.3/MSInfra/ActiveDirectoryReports#User_Reports.

0 Karma