Hi,
I just installed version 2.0 of this add-on and found a couple of issues with some macro definitions. I've fixed them in the patch below.
Cheers
matthew
$ diff -u ms_windows_ad_objects/appserver/addons/splunk_for_windows_infrastructure/local/macros.conf splunk_app_windows_infrastructure/local/macros.conf
--- ms_windows_ad_objects/appserver/addons/splunk_for_windows_infrastructure/local/macros.conf 2016-09-30 11:02:46.481370000 +1000
+++ splunk_app_windows_infrastructure/local/macros.conf 2016-09-30 12:11:11.359023131 +1000
@@ -143,7 +143,7 @@
| rename cn as "Group Name",groupType_Name as "Type",membercount as "# Members"
[secrpt-new-groups(1)]
-eventtype=wineventlog_security (EventCode=631 OR EventCode=635 OR EventCode=658 OR EventCode=4727 OR EventCode=4731 OR EventCode=4754) dest_nt_domain="$domain$"\
+definition = eventtype=wineventlog_security (EventCode=631 OR EventCode=635 OR EventCode=658 OR EventCode=4727 OR EventCode=4731 OR EventCode=4754) dest_nt_domain="$domain$"\
|lookup GroupType MSADGroupClassID OUTPUT MSADGroupClass\
|eval adminuser=src_nt_domain."\\".src_user\
|table _time,user_group,MSADGroupClass,MSADGroupType,adminuser\
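Review bot: `$domain$` is substituted textually inside the quotes of `dest_nt_domain="$domain$"`, and nothing visible in this stanza constrains the value, so an argument containing a double quote would change which group-creation events this security report matches; the `| search domain="$domain$"` line in the second hunk has the same exposure. macros.conf supports `validation` and `errormsg` keys, and a validation expression that accepts only domain-name characters would make a bad argument fail with a message rather than return a misleading result, which matters if the dashboard token feeding the macro is ever free-text. It would also help to put a comment above the stanza such as `# 4727/4731/4754 = security-enabled global/local/universal group created; 631/635/658 = the same events on pre-Vista hosts`. The definition continues past the end of this hunk, so any `args` or validation lines further down the stanza are not visible here.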
@@ -351,7 +351,7 @@
definition = inputlookup AD_OU_LDAP_list\
| search domain="$domain$" Linked_GPO=* NOT Linked_GPO=""\
| makemv delim="####" Linked_GPO\
-| table ou,description,Linked_GPO
+| table ou,description,Linked_GPO\
| rename ou as "Name",Linked_GPO as "Linked GPO"
[secrpt-unmanaged-orgunits(1)]