I would like to fetch attributes from our metadirectory for any number of reasons
with the splunk support app ldap commands it is basically possible to query ldap and it sort of works
mysearch |ldapfilter domain=meta-intg search="(&(objectClass=inetOrgPerson)(cn=$CN$))" attrs="description,fullname,dn"
gives a table view with the attribute values as fields but i don't see the fields in the fields explorer sidebar and i can't use the fields in any subsequent command like table etc or augment them to the log entries.
What am i doing wrong?
ps: there is a small issue hence the filter else i get results but also a "size limit exceeded" resulting in zero results.
I'm having the same problem, and the workaround described at:
Does seem to work, but it creates ugly/inconsistent results. I don't see where the fields are multi-value, and doing an export to JSON/CSV/XML confirms this, but without doing this series of eval statements, I can't get data in a table either.
The field names are not the same as you type - they are the "official" names - remember that field names are case sensitive. For example, dn is actually called "distinguishedName" - dn is just an alias.
You are using it in the right way, so something else must be going on. On my 5.0.1 system, this results in the fields appearing in the side-bar. We also use table, etc. several times in the Splunk App for Active Directory, so that would break if this didn't work.