Active Directory: monitor only users data

giorgio_adami_m
Path Finder

Hi all!

I need to import user information from AD.
The forest has a folder for each Country, and each country has the "users" folder (Ex: OU=users, OU=Country1, OU=intranet and OU=users, OU=Country2, OU=intranet).

I've tried to edit %SPLUNK_HOME%\bin\scripts\splunk-admon.path in this way:

$SPLUNK_HOME\bin\splunk-admon.exe -query "(&(sAMAccountType=805306368))"

It runs without errors, but I lose the format of the sourcetype "ActiveDirectory".

Any suggestion?
Thanks


giorgio_adami_m
Path Finder

It seems that it's not possible to edit the LDAP query that splunk-admon launches against the target DC.
I've solved it by filtering events with props/transforms before forwarding/indexing them.
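
A sketch of the props/transforms filtering described in the answer above, added here as an example and not taken from the original post. It assumes the admon events keep the `ActiveDirectory` sourcetype and carry the account type as a `sAMAccountType=<value>` line; the transform stanza names are hypothetical.

```ini
# props.conf (on the heavy forwarder or indexer that parses the admon data)
[ActiveDirectory]
# Transforms run left to right: drop every event, then re-queue user objects.
TRANSFORMS-admon_users = admon_drop_all, admon_keep_users

# transforms.conf (same instance)
# Stanza names below are hypothetical; any unique names work.
[admon_drop_all]
# Matches every event and routes it to the null queue (discarded).
REGEX = .
DEST_KEY = queue
FORMAT = nullQueue

[admon_keep_users]
# Assumption: each user event contains a "sAMAccountType=<value>" line.
# 805306368 is the value used in the query from the question (normal user accounts).
REGEX = sAMAccountType=805306368\b
DEST_KEY = queue
FORMAT = indexQueue
```

These are index-time transforms, so they take effect only where the data is parsed (a heavy forwarder or an indexer); a universal forwarder passes the events through unfiltered.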
