Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to format distinguishedName to domain

Meloow
Engager
‎02-22-2022 06:33 AM

I am looking to format ldap extracted distinguishedName to a domain.

Example

CN=Username,OU=Folder,OU=Folder,DC=domain,DC=com

Output

domain.com

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

isoutamo
SplunkTrust
SplunkTrust
‎02-22-2022 07:07 AM

Hi

one way to do it

| makeresults
| eval dn="CN=Username,OU=Folder,OU=Folder,DC=domain,DC=com"
| rex field=dn max_match=0 "(?ms)DC=(?<d1>[\w]+),DC=(?<d2>[\w]+)$"
| eval dn2=d1 .".". d2

r. Ismo 

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

isoutamo
SplunkTrust
SplunkTrust
‎02-22-2022 07:07 AM

Hi

one way to do it

| makeresults
| eval dn="CN=Username,OU=Folder,OU=Folder,DC=domain,DC=com"
| rex field=dn max_match=0 "(?ms)DC=(?<d1>[\w]+),DC=(?<d2>[\w]+)$"
| eval dn2=d1 .".". d2

r. Ismo 

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Security Content for Threat Detection & Response, Q1 Roundup

Join Principal Threat Researcher, Michael Haag, as he walks through:An introduction to the Splunk Threat ...

Splunk Life | Happy Pride Month!

Happy Pride Month, Splunk Community! &#x1f308; In the United States, as well as many countries around the ...

SplunkTrust | Where Are They Now - Michael Uschmann

The Background Five years ago, Splunk published several videos showcasing members of the SplunkTrust to share ...