Solved: Keeping history of AD groups

Sasquatchatmars · ‎11-16-2020

Hi all,

I have been making a search to know which account is in which groups using ldapsearch. I succesfully made the search. I will put the query below. Now my question is, is it possible to keep a history of the results for 30 days.

My search will be turned into a report which will run every day and I want to keep every result for 30 days. I was thinking to put everything in a pdf or csv report but I don't know how to delete it after 30 days. Otherwise i would need to send the report by mail but I really want to avoid that options if possible. Does someone know what the best option would be and how I could set it up.

The query is :

| ldapsearch domain="default" search="(&(objectClass=group)(cn=*))"
| ldapgroup
| rex field=member_dn "CN=(?<member_name_full>[^,]*),"
| table cn,member_dn,member_type,member_name_full
| sort cn
| rename cn AS "Group Name", member_dn AS "Member DN", member_type AS "Member Type", member_name_full AS "Member Name"

Thank you.

Sasquatchatmars

richgalloway · ‎11-17-2020

Put the results of the report into a summary index that has a retention time of 30 days. Use the collect command to write the results.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎11-17-2020

Put the results of the report into a summary index that has a retention time of 30 days. Use the collect command to write the results.

---
If this reply helps you, Karma would be appreciated.

Sasquatchatmars · ‎11-17-2020

Hi @richgalloway,

Thank you this worked!

Sasquatchatmars

Keeping history of AD groups

other

Register to Attend BSides SPL 2022 - It's all Happening October 18!

What's New in Splunk Cloud Platform 9.0.2208?!

Admin Console: A Single, Unified Interface for All Your Cloud Admin Needs