Splunk Search

Keeping history of AD groups

Sasquatchatmars
Communicator

Hi all,

I have been making a search to know which account is in which groups using ldapsearch. I succesfully made the search. I will put the query below. Now my question is, is it possible to keep a history of the results for 30 days.

My search will be turned into a report which will run every day and I want to keep every result for 30 days. I was thinking to put everything in a pdf or csv report but I don't know how to delete it after 30 days. Otherwise i would need to send the report by mail but I really want to avoid that options if possible. Does someone know what the best option would be and how I could set it up. 

The query is :

| ldapsearch domain="default" search="(&(objectClass=group)(cn=*))"
| ldapgroup
| rex field=member_dn "CN=(?<member_name_full>[^,]*),"
| table cn,member_dn,member_type,member_name_full
| sort cn
| rename cn AS "Group Name", member_dn AS "Member DN", member_type AS "Member Type", member_name_full AS "Member Name"

 

Thank you.

Sasquatchatmars

0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust

Put the results of the report into a summary index that has a retention time of 30 days.  Use the collect command to write the results.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway
SplunkTrust
SplunkTrust

Put the results of the report into a summary index that has a retention time of 30 days.  Use the collect command to write the results.

---
If this reply helps you, Karma would be appreciated.

Sasquatchatmars
Communicator

Hi @richgalloway,

Thank you this worked!

Sasquatchatmars 

0 Karma
Get Updates on the Splunk Community!

AppDynamics Summer Webinars

This summer, our mighty AppDynamics team is cooking up some delicious content on YouTube Live to satiate your ...

SOCin’ it to you at Splunk University

Splunk University is expanding its instructor-led learning portfolio with dedicated Security tracks at .conf25 ...

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Organizations handling credit card transactions know that PCI DSS compliance is both critical and complex. The ...