Getting Data In

Active Directory: monitor only users data

giorgio_adami_m
Path Finder

Hi all!

I need to import users informations from AD.
The forest has a folder for each Country, and each country has the "users" folder (Ex: OU=users, OU=Country1, OU=intranet and OU=users, OU=Country2, OU=intranet).

I've tried to edit %SPLUNK_HOME%\bin\scripts\splunk-admon.path in this way:

$SPLUNK_HOME\bin\splunk-admon.exe -query "(&(sAMAccountType=805306368))"

It runs without errors, but i lose the format of the sourcetype "ActiveDirectory".

Any suggestion?
Thanks

Tags (1)
0 Karma
1 Solution

giorgio_adami_m
Path Finder

It seems that it's not possible to edit the query LDAP that splunk-admon launch to the target DC.
I've solved filtering events with props/transforms before forward/index them.

View solution in original post

0 Karma

giorgio_adami_m
Path Finder

It seems that it's not possible to edit the query LDAP that splunk-admon launch to the target DC.
I've solved filtering events with props/transforms before forward/index them.

0 Karma
Get Updates on the Splunk Community!

Security Highlights: September 2022 Newsletter

 September 2022 The Splunk App for Fraud Analytics (SFA) is now Splunk SupportedUse your existing Splunk ...

Platform Highlights | September 2022 Newsletter

 September 2022 What’s New in 9.0 and How to UpgradeGet a walk through of what is new Splunk Enterprise 9.0 ...

Observability Highlights | September 2022 Newsletter

 September 2022 Splunk Observability SuiteAccess to "Classic" SignalFx Interface Will be Removed on Sept 30, ...