Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

ldap seach with a wildcard

chadman
Path Finder
‎03-28-2018 05:45 AM

I have a search below that works fine, but I would like to add a wildcard to it.

This search works
| ldapsearch domain=mydomain.com search=(&(objectClass=computer)(memberOf="CN=Patch1, OU=Patches,OU=Wintel,DC=Mydomain,DC=com)) attrs=name

I would like to do something like below, but it does not show any results with the wildcard.
| ldapsearch domain=mydomain.com search=(&(objectClass=computer)(memberOf="CN=Patch*, OU=Patches,OU=Wintel,DC=Mydomain,DC=com)) attrs=name

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

hos_2
Path Finder
‎03-28-2018 07:32 AM

Hey Chadman,

Try something like this:
search="(CN=Patch*)"

and keep adding to if that is working in your environment.

Or you can get a bit more creative (not sure if this will work for you, you may want to try creating a Lookup that you can pull the data from, to search):

| ldapsearch domain=mydomain.com search=objectClass=computer | search memberOf="(CN=Patch*, OU=Patches,OU=Wintel,DC=Mydomain,DC=com)"

View solution in original post

0 Karma
Reply
Solved! Jump to solution

Eric_Mcknight
Explorer
‎08-09-2019 09:49 AM

This issue has been resolved: https://docs.splunk.com/Documentation/SA-LdapSearch/2.2.1/User/ReleaseNotes#Fixed_issues

0 Karma
Reply
Solved! Jump to solution
Solution

hos_2
Path Finder
‎03-28-2018 07:32 AM

Hey Chadman,

Try something like this:
search="(CN=Patch*)"

and keep adding to if that is working in your environment.

Or you can get a bit more creative (not sure if this will work for you, you may want to try creating a Lookup that you can pull the data from, to search):

| ldapsearch domain=mydomain.com search=objectClass=computer | search memberOf="(CN=Patch*, OU=Patches,OU=Wintel,DC=Mydomain,DC=com)"

0 Karma
Reply
Solved! Jump to solution

chadman
Path Finder
‎03-28-2018 07:39 AM

hos_2,
That does kind of work, but how can I do something like below to narrow down the search?
search="(CN=Patch*)(OU=Wintel)"

0 Karma
Reply
Solved! Jump to solution

EdBruce
Explorer
‎03-07-2019 07:28 AM

I believe you need to use the and filtercomp "&". Still learning myself, but might try:

search=(&(CN=Patch*)&(OU=Wintel))

0 Karma
Reply
Solved! Jump to solution

hos_2
Path Finder
‎03-28-2018 07:43 AM

Maybe something like this?

search memberOf="CN=Patch*" AND memberOf=(OU=Patches,OU=Wintel,DC=Mydomain,DC=com)

0 Karma
Reply
Solved! Jump to solution

chadman
Path Finder
‎03-28-2018 08:15 AM

Cant get that to work, syntax might be wrong. I have tried a couple variations. I also tried to add basedn=(OU=Patches,OU=Wintel,DC=Mydomain,DC=com) thinking that would limit the scope of my search, but it's not.

0 Karma
Reply
Solved! Jump to solution

hos_2
Path Finder
‎03-28-2018 08:19 AM

Yeah we had similar issues with the data, our work around was to just gather everything in a lookup daily, then run searches off the lookup tables.

0 Karma
Reply
Solved! Jump to solution

chadman
Path Finder
‎03-28-2018 11:05 AM

Thanks. I might look into that also. I was hopping to avoid having another process to create the lookup table. I also posted another question similar, but without wild cards.

0 Karma
Reply
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...