×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
muralicbe83
New Member
Member since: ‎12-30-2015
‎06-05-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎12-30-2015
View All

Re: How to get the user login details from ovd acc...

by in Security
‎12-31-2015 01:36 AM
‎12-31-2015 01:36 AM
I have tried the above search but it is not working. from the access.log, by running the below search i will get the 3 lines which is mentioned in my previous post. index=gf_ldap host=uklvadede03a source=*access.log "connection from" OR OVD-20038 OR OVD-20039 |transaction conn from this search when i tried to add your search query, i am not getting the exact output which i need as per below format. exact query used index=gf_ldap host=uklvadede03a source=*access.log "connection from" OR OVD-20038 OR OVD-20039 |transaction conn |extract pairdelim=" " kvdelim="=" | rex "from\s(?\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3})" | rex "dn=(?[^\s]+)" | eval result=case(err=0,"Success", err=null, "Success", 1=2, "Fail") | eval conn=replace(conn, ",", "") | streamstats latest(ip) as ip latest(dn) as dn latest(result) as result by conn Output format timelime, IP, dn, Result Sample 2015-12-30T09:01:00.429, 10.193.30.202,Success ... View more

How to get the user login details from ovd access ...

by in Security
‎12-30-2015 01:11 AM
‎12-30-2015 01:11 AM
Hi, I have the ovd access logs as mentioned below where the conn field is common and from that i need to get the below details. may i know how this can be achieved. IP - [ the value is - 10.193.30.202] dn - [the value is - cn=1322337,ou=users,o=sc] Result - SUCCESS [this based on value err=0] ========================================================================== [2015-12-30T09:01:00.429+00:00] [octetstring] [NOTIFICATION] [] [com.octetstring.accesslog] [tid: 14] [ecid: 0000L7ieZqC7Y71pRso2yd1MWffR000004,0] conn=5921 fd=0 slot=0 connection from 10.193.30.202:50220 to 10.193.105.99:7501 port 7501 [2015-12-30T09:01:00.474+00:00] [octetstring] [NOTIFICATION] [OVD-20038] [com.octetstring.accesslog] [tid: 66] [ecid: 0000L7m7bAu7Y71pRso2yd1MWffR0004^o,0] conn=5,921 op=0 BIND dn=cn=1322337,ou=users,o=sc method=0 version=3 [2015-12-30T09:01:00.476+00:00] [octetstring] [NOTIFICATION] [OVD-20039] [com.octetstring.accesslog] [tid: 66] [ecid: 0000L7m7bAu7Y71pRso2yd1MWffR0004^o,0] conn=5,921 op=0 RESULT err=0 tag=0 nentries=0 etime=0 ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM