We are getting syslog data from our web proxy/firewall (Palo Alto). We would like to be able to generate internet usage reports based on users who are members of specific Active Directory groups or OUs.
For example, we would like our marketing manager to be able to view an internet usage summary of the marketing department users.
Would this require an external lookup script to query AD for a list of all members of a group/OU and then load it in as an array for a custom search? Or is there some native syntax or plugin for Splunk which can achieve this?
Note:
Username information is included in the syslog data received from the proxy/firewall, and we have no problems running general reports filtered on specific subnets or individual users. It's just generating reports which filter down to only include the users of a specific AD group.
Any suggestions or pointers to the best/most efficient method would be appreciated.
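The approach the question sketches (pull group membership out of AD, turn it into a lookup table, then filter proxy logs by that table) can be prototyped outside Splunk before wiring it up. The following is an added example and is not code from the original post or from Splunk or Palo Alto; the group membership dictionary, the log records, the field names (`user`, `bytes`, `ad_group`) and the lookup name `adgroups` are constructed assumptions standing in for a real directory export and real traffic logs.

```python
import csv
import io

# Constructed sample: AD group memberships as they might come back from a
# directory query (group name -> sAMAccountNames). Not real accounts.
AD_GROUPS = {
    "Marketing": ["jsmith", "akhan"],
    "Finance": ["bwong"],
}

# Constructed sample of proxy/firewall traffic records reduced to the fields
# that matter here. Real Palo Alto syslog lines carry many more fields, and
# the user field normally arrives as DOMAIN\user.
SAMPLE_LOGS = [
    {"user": "corp\\jsmith", "dest": "news.example", "bytes": 1200},
    {"user": "corp\\bwong", "dest": "bank.example", "bytes": 800},
    {"user": "corp\\akhan", "dest": "social.example", "bytes": 3000},
    {"user": "corp\\jsmith", "dest": "social.example", "bytes": 500},
]


def build_lookup_csv(groups):
    """Flatten group membership into CSV shaped like a Splunk lookup table.

    One row per (user, ad_group) pair; usernames are lowercased so that the
    later join is case-insensitive, which matters because AD logons and
    proxy logs often disagree on case.
    """
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["user", "ad_group"])
    for group, members in groups.items():
        for member in members:
            writer.writerow([member.lower(), group])
    return buf.getvalue()


def load_lookup(csv_text):
    """Read the lookup CSV back into a user -> ad_group mapping."""
    return {row["user"]: row["ad_group"]
            for row in csv.DictReader(io.StringIO(csv_text))}


def normalize_user(raw_user):
    """Strip a DOMAIN\\ prefix and lowercase, so log users match lookup keys."""
    return raw_user.split("\\")[-1].lower()


def usage_by_group(logs, lookup, group):
    """Total bytes per user, keeping only users whose lookup entry is `group`.

    This is the same join-then-filter-then-aggregate that a Splunk search
    would perform with a lookup, a search on ad_group and a stats command.
    """
    totals = {}
    for record in logs:
        user = normalize_user(record["user"])
        if lookup.get(user) == group:
            totals[user] = totals.get(user, 0) + record["bytes"]
    return totals


if __name__ == "__main__":
    lookup = load_lookup(build_lookup_csv(AD_GROUPS))
    for user, total in sorted(usage_by_group(SAMPLE_LOGS, lookup, "Marketing").items()):
        print(f"{user}: {total} bytes")
```

Once a CSV like the one `build_lookup_csv` produces is uploaded as a lookup (here assumed to be named `adgroups`, with the log's user field already normalised to a bare username), the equivalent Splunk search is `... | lookup adgroups user OUTPUT ad_group | search ad_group=Marketing | stats sum(bytes) by user`. The Python version is only there to check the normalisation and join logic against known input before trusting the report.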