Splunk Search

Keeping history of AD groups

Sasquatchatmars
Communicator

Hi all,

I have been making a search to know which account is in which groups using ldapsearch. I succesfully made the search. I will put the query below. Now my question is, is it possible to keep a history of the results for 30 days.

My search will be turned into a report which will run every day and I want to keep every result for 30 days. I was thinking to put everything in a pdf or csv report but I don't know how to delete it after 30 days. Otherwise i would need to send the report by mail but I really want to avoid that options if possible. Does someone know what the best option would be and how I could set it up. 

The query is :

| ldapsearch domain="default" search="(&(objectClass=group)(cn=*))"
| ldapgroup
| rex field=member_dn "CN=(?<member_name_full>[^,]*),"
| table cn,member_dn,member_type,member_name_full
| sort cn
| rename cn AS "Group Name", member_dn AS "Member DN", member_type AS "Member Type", member_name_full AS "Member Name"

 

Thank you.

Sasquatchatmars

Labels (1)
0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust

Put the results of the report into a summary index that has a retention time of 30 days.  Use the collect command to write the results.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway
SplunkTrust
SplunkTrust

Put the results of the report into a summary index that has a retention time of 30 days.  Use the collect command to write the results.

---
If this reply helps you, Karma would be appreciated.

Sasquatchatmars
Communicator

Hi @richgalloway,

Thank you this worked!

Sasquatchatmars 

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) v3.54.0

The Splunk Threat Research Team (STRT) recently released Enterprise Security Content Update (ESCU) v3.54.0 and ...

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...

New Learning Videos on Topics Most Requested by You! Plus This Month’s New Splunk ...

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...