Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Keeping history of AD groups

Sasquatchatmars
Communicator
‎11-16-2020 11:36 PM

Hi all,

I have been making a search to know which account is in which groups using ldapsearch. I succesfully made the search. I will put the query below. Now my question is, is it possible to keep a history of the results for 30 days.

My search will be turned into a report which will run every day and I want to keep every result for 30 days. I was thinking to put everything in a pdf or csv report but I don't know how to delete it after 30 days. Otherwise i would need to send the report by mail but I really want to avoid that options if possible. Does someone know what the best option would be and how I could set it up. 

The query is :

| ldapsearch domain="default" search="(&(objectClass=group)(cn=*))"
| ldapgroup
| rex field=member_dn "CN=(?<member_name_full>[^,]*),"
| table cn,member_dn,member_type,member_name_full
| sort cn
| rename cn AS "Group Name", member_dn AS "Member DN", member_type AS "Member Type", member_name_full AS "Member Name"

 

Thank you.

Sasquatchatmars

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎11-17-2020 05:57 AM

Put the results of the report into a summary index that has a retention time of 30 days.  Use the collect command to write the results.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎11-17-2020 05:57 AM

Put the results of the report into a summary index that has a retention time of 30 days.  Use the collect command to write the results.

---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

Sasquatchatmars
Communicator
‎11-17-2020 07:46 AM

Hi @richgalloway,

Thank you this worked!

Sasquatchatmars 

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...