Account usage by OU

Krillu
New Member

Hi,

 

Basically I need to find out when some old service accounts were last used/if they have ever been used. We have 1000's and would like a report string that would report based on all accounts found in a particular OU. I have one for searching specific accounts but copy and pasting all the account names is very tedious.

 

This is what I have for searching accounts:

 

index=wineventlog source="WinEventLog:Security"
Account_Name=redbox.service
host!=DOMAIN, host!=DOMAIN, host!=DOMAIN, host!=DOMAIN* | stats count by Account_Name, host

I am very new to Splunk so any suggestions would be much appreciated. If you know of a better way to do this then feel free to let me know!

 

0 Karma
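
One way to cover every account in an OU without pasting names, shown as an added example that is not part of the original post. It assumes a lookup file `ou_service_accounts.csv` (hypothetical name) with one `Account_Name` column exported from the OU, and it leaves out the post's host exclusions. The `append` step keeps accounts that have no events at all, which a plain `stats` would silently drop.

```spl
index=wineventlog source="WinEventLog:Security"
    [| inputlookup ou_service_accounts.csv | fields Account_Name ]
| stats latest(_time) AS last_seen count AS events BY Account_Name
| append
    [| inputlookup ou_service_accounts.csv | fields Account_Name ]
| stats max(last_seen) AS last_seen sum(events) AS events BY Account_Name
| fillnull value=0 events
| eval last_seen=if(isnull(last_seen), "no events in range", strftime(last_seen, "%Y-%m-%d %H:%M:%S"))
| sort 0 events
```

An account listed with zero events is unseen only within the searched time range and the index's retention, so it is not proof that the account was never used.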