Splunk Search

I need a search to find mapping of roles to AD Groups and indexes

Path Finder

I have been able to find searches for roles mapped to AD Groups, but I need to get the indexes those roles are allowed to use.  I'm creating a search to assist in upgrading to a new system.  This mapping will give me the relationships.  I have used:

 | rest /services/admin/roles | table title, srchIndexesAllowed | rename title as role, but it only gives me the role and searchIndexes.  I need to map it to AD groups too.  Also, when I went to download that searches content, it did not download all the data.

I also used: | rest /services/admin/roles | table title, srchIndexesAllowed | rename title as role, but what I really need is all three values: Role mapped to AD Group and role mapped to indexes in the same search.




Labels (1)
Tags (3)
0 Karma


Not sure if it's what you're looking for, but try 

| rest /services/admin/LDAP-groups
If this reply helps you, Karma would be appreciated.
Get Updates on the Splunk Community!

Splunk Forwarders and Forced Time Based Load Balancing

Splunk customers use universal forwarders to collect and send data to Splunk. A universal forwarder can send ...

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...