About dsgoody

dsgoody · ‎04-27-2026

Hi all, We use the MS Windows AD Objects here. It generates lookup tables of AD users and groups that are used in a lot of our search queries, and gives us access to a clear and easy to understand AD audit log. I've noticed today while looking into an issue with our KV store that the app is no longer available - it seems to have just vanished. What's it's replacement? Cheers, Dave

dsgoody · ‎07-22-2025

That is working perfectly, thank you.

dsgoody · ‎07-22-2025

Hi all, I'm having some issues excluding events from our Juniper SRX logs. These events are ingested directly on our Windows Splunk Heavy Forwarders, since these two firewalls are the only syslog inputs we have. My current config is as follows; inputs.conf [udp://firewallip:port] connection_host = ip disabled = false index = juniper sourcetype = juniper props.conf [udp://firewallip:port] TRANSFORMS-null=TenantToTrust,TrustToTenant force_local_processing = true transforms.conf [TenantToTrust] REGEX = source-zone-name="tenant".*destination-zone-name="trust" DEST_KEY = queue FORMAT = nullQueue [TrustToTenant] REGEX = source-zone-name="trust".*destination-zone-name="tenant" DEST_KEY = queue FORMAT = nullQueue All we'd like to do is exclude any events where the source and destination zones are both tenant or trust. Any idea where I might be going wrong? Thanks.

Posts	3
Solutions	0
Karma Given	0
Karma Received	0
Member Since	‎07-22-2025

Online Status	Offline
Date Last Visited	‎04-27-2026 01:38 AM

MS Windows AD Objects Replacement?

Excluding events from Juniper SRX logs

MS Windows AD Objects Replacement?

Re: Excluding events from Juniper SRX logs

Excluding events from Juniper SRX logs

Join the Conversation

MS Windows AD Objects Replacement?

Excluding events from Juniper SRX logs

MS Windows AD Objects Replacement?

Re: Excluding events from Juniper SRX logs

Excluding events from Juniper SRX logs