Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why is the dashboard using input field will not show a table ldapsearch?

vincenp2
New Member
‎07-26-2019 12:44 AM

I have a dashboard which carries out an ldapsearch when CN is input using an input field
currently it returns all details, but I would like it to return a table if possible showing just cn and mail

current search generated in dashboard is:

| ldapsearch search="(objectclass=user)" | search $cn_field$

if I add | table cn mail to the end of this search it seems to be ignored

If I run this as a normal search, and use a specific CN instead of $cn_field$ I can get it to work and report as a table
e.g.

| ldapsearch search="(objectclass=user)" | search xyz123 | table cn mail

this results in a table showing the CN of xyz123, and the associated email address

Can anyone advise as to how I can get a table to be produced using an input field please?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎07-26-2019 01:38 AM

Hi vincenp2,
I created a dashboard like the one you want searching for name, status and expiring year, my search was

| ldapsearchsearch="(&(objectClass=user)(!(objectClass=computer)))"attrs="displayName,givenName,sn,distinguishedName,objectCategory,sAMAccountName,sAMAccountType,description,accountExpires,userAccountControl"
| search $text$ $status$ accountExpires="$year$*"

if you want to search only about name try

| ldapsearchsearch="(&(objectClass=user)(!(objectClass=computer)))"attrs="displayName,givenName,sn,distinguishedName,objectCategory,sAMAccountName,sAMAccountType,description,accountExpires,userAccountControl"
| search $text$

Bye.
Giuseppe

View solution in original post

0 Karma
Reply
Solved! Jump to solution

vincenp2
New Member
‎07-26-2019 03:59 AM

hi Giuseppe, many thanks for getting back to me so quickly - I would have liked to have been able to create a table if possible, however what you have provided allows me to do what I need and just present certain elements of the output

Thanks again, it is much appreciated 🙂

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎07-26-2019 01:38 AM

Hi vincenp2,
I created a dashboard like the one you want searching for name, status and expiring year, my search was

| ldapsearchsearch="(&(objectClass=user)(!(objectClass=computer)))"attrs="displayName,givenName,sn,distinguishedName,objectCategory,sAMAccountName,sAMAccountType,description,accountExpires,userAccountControl"
| search $text$ $status$ accountExpires="$year$*"

if you want to search only about name try

| ldapsearchsearch="(&(objectClass=user)(!(objectClass=computer)))"attrs="displayName,givenName,sn,distinguishedName,objectCategory,sAMAccountName,sAMAccountType,description,accountExpires,userAccountControl"
| search $text$

Bye.
Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability Synthetic Monitoring - Resolved Incident on Detector Alerts

We’ve discovered a bug that affected the auto-clear of Synthetic Detectors in the Splunk Synthetic Monitoring ...

Video | Tom’s Smartness Journey Continues

Remember Splunk Community member Tom Kopchak? If you caught the first episode of our Smartness interview ...

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud? Learn how unique features like ...