Tuesday, November 22, 2016

Splunk | Never Expire | Table Filter

Splunk search

"'Don't Expire Password' - Enabled"  | eval Administrator=mvindex(Account_Name, 0), User=mvindex(Account_Name, -1) | table _time,Administrator,User

indexes the Account Name field then maps out for easy viewing.

<search here>  | eval Administrator=mvindex(Account_Name, 0), User=mvindex(Account_Name, -1) | table _time,Administrator,User

Posted by at No comments:
Subscribe to: Posts (Atom)