A couple of MS Windows AD Objects add-on macro fixes

mpf
Explorer

Hi,

I just installed version 2.0 of this add-on and found a couple of issues with some macro definitions. I've fixed them in the patch below.

Cheers

matthew

$ diff -u ms_windows_ad_objects/appserver/addons/splunk_for_windows_infrastructure/local/macros.conf splunk_app_windows_infrastructure/local/macros.conf
--- ms_windows_ad_objects/appserver/addons/splunk_for_windows_infrastructure/local/macros.conf  2016-09-30 11:02:46.481370000 +1000
+++ splunk_app_windows_infrastructure/local/macros.conf 2016-09-30 12:11:11.359023131 +1000
@@ -143,7 +143,7 @@
 | rename cn as "Group Name",groupType_Name as "Type",membercount as "# Members"

 [secrpt-new-groups(1)]
-eventtype=wineventlog_security (EventCode=631 OR EventCode=635 OR EventCode=658 OR EventCode=4727 OR EventCode=4731 OR EventCode=4754) dest_nt_domain="$domain$"\
+definition = eventtype=wineventlog_security (EventCode=631 OR EventCode=635 OR EventCode=658 OR EventCode=4727 OR EventCode=4731 OR EventCode=4754) dest_nt_domain="$domain$"\
 |lookup GroupType MSADGroupClassID OUTPUT MSADGroupClass\
 |eval adminuser=src_nt_domain."\\".src_user\
 |table _time,user_group,MSADGroupClass,MSADGroupType,adminuser\
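
Review bot: In the `[secrpt-new-groups(1)]` stanza the body substitutes `$domain$`, but no `args = domain` line is visible between the stanza header and the new `definition =` key; please confirm `args` is set further down in the stanza, since a one-argument macro needs it for the substitution to happen. Because `$domain$` is pasted textually inside the quotes of `dest_nt_domain="$domain$"`, it would also be worth adding a `validation` expression and `errormsg` to the stanza so a malformed domain value is rejected rather than silently changing this group-creation report's search.
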
@@ -351,7 +351,7 @@
 definition = inputlookup AD_OU_LDAP_list\
 | search domain="$domain$" Linked_GPO=* NOT Linked_GPO=""\
 | makemv delim="####" Linked_GPO\
-| table ou,description,Linked_GPO
+| table ou,description,Linked_GPO\
 | rename ou as "Name",Linked_GPO as "Linked GPO"

 [secrpt-unmanaged-orgunits(1)]
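
Review bot: In the `| rename` line that the restored trailing backslash now joins to the definition, `description` keeps its raw field name while `ou` and `Linked_GPO` get display names; consider adding `description as "Description"` so the table headers are consistent. Both defects in this patch are broken multi-line definitions (a missing `definition =` key and a missing continuation backslash), so the remaining stanzas in macros.conf deserve the same check before the next release.
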
1 Solution

shogan_splunk
Splunk Employee

Thanks for the information and fix. I have applied these fixes to version 2.1.

0 Karma