Description:
This dashboard is designed to simplify Splunk’s LDAPSEARCH command. LDAP must be configured in your Splunk instance for this to work.
<form> <label>LDAP objectClass/CN/OU Search</label> <description>LDAPSEARCH Dashboard.</description> <fieldset submitButton="true" autoRun="false"> <input type="radio" token="objectClass_field"> <label>objectClass</label> <default>*</default> <choice value="*">Any objectClass</choice> <choice value="user">Users</choice> <choice value="computer">Computers</choice> </input> <input type="text" token="cn_field"> <label>CN</label> <default>*</default> </input> <input type="text" token="ou_field"> <label>OU</label> <default>*</default> </input> </fieldset> <row> <panel> <table> <search> <query>| ldapsearch search="(&(cn=$cn_field$)(objectClass=$objectClass_field$))" | rex field=distinguishedName max_match=50 "(?<ou_extraction>OU=([^,]+))" | search ou_extraction="OU=$ou_field$" | rename ou_extraction AS "ou" | table cn, dNSHostName, operatingSystem, ou, objectClass, isCriticalSystemObject, lastLogon, pwdLastSet, description</query> <earliest>-15m</earliest> <latest>now</latest> </search> <option name="drilldown">none</option> <option name="refresh.display">progressbar</option> </table> </panel> </row> </form>