Getting Data In

Active Directory: monitor only users data

giorgio_adami_m
Path Finder

Hi all!

I need to import users informations from AD.
The forest has a folder for each Country, and each country has the "users" folder (Ex: OU=users, OU=Country1, OU=intranet and OU=users, OU=Country2, OU=intranet).

I've tried to edit %SPLUNK_HOME%\bin\scripts\splunk-admon.path in this way:

$SPLUNK_HOME\bin\splunk-admon.exe -query "(&(sAMAccountType=805306368))"

It runs without errors, but i lose the format of the sourcetype "ActiveDirectory".

Any suggestion?
Thanks

Tags (1)
0 Karma
1 Solution

giorgio_adami_m
Path Finder

It seems that it's not possible to edit the query LDAP that splunk-admon launch to the target DC.
I've solved filtering events with props/transforms before forward/index them.

View solution in original post

0 Karma

giorgio_adami_m
Path Finder

It seems that it's not possible to edit the query LDAP that splunk-admon launch to the target DC.
I've solved filtering events with props/transforms before forward/index them.

0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...