×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
ggilmore1
Explorer
Member since: ‎07-14-2022
‎07-14-2022
Community Statistics
Posts 5
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎07-14-2022
View All

Re: How to achieve field extraction to list domain...

by in Splunk Search
‎07-14-2022 03:16 PM
‎07-14-2022 03:16 PM
That's the one. Thank you sir for bearing with me ... View more

Re: How to achieve field extraction to list domain...

by in Splunk Search
‎07-14-2022 03:12 PM
‎07-14-2022 03:12 PM
What I mean is the logs are like this: CN=Admin Account,OU=Vendor Accounts,OU=IT,DC=domain,DC=domain|CN=Admin Account2,OU=Vendor Accounts,OU=IT,DC=domain,DC=domain And the command stops after the first one. ... View more

Re: How to achieve field extraction to list domain...

by in Splunk Search
‎07-14-2022 02:41 PM
‎07-14-2022 02:41 PM
I tried the first one and it works well. The problem is it seems to stop after the first one and I can't get it to repeat. Unfortunately I am pretty new to the world of regex ... View more

Re: How to achieve field extraction to list domain...

by in Splunk Search
‎07-14-2022 01:38 PM
‎07-14-2022 01:38 PM
Ideally, I would like to match all CN=Admin Account. My goal is to make a table with the admin accounts ... View more

How to achieve field extraction to list domain adm...

by in Splunk Search
‎07-14-2022 12:52 PM
‎07-14-2022 12:52 PM
I have been trying to extract a field to list domain admins from AD logs. The logs have all the admins starting with a CN= as shown in the expression. Despite working on regex101, the expression won't extract on Splunk. I've tried making little modifications but to no avail. Please help. Expression: source="ActiveDirectory" AND "CN=Domain Admins" AND member=* | rex field=_raw"(?<=CN=)[\w .]*(?=,)(?<admin>)/g"   The logs look similar to this: CN=Admin Account,OU=Vendor Accounts,OU=IT,DC=domain,DC=domain ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎07-14-2022 07:09 PM
Karma given to
View All