Hi Everyone,
I have a question regarding looking up a extracted/generated field from splunk against active directory at search time. The objective is as follows 1. Extract hostname from DHCP log 2. Check if hostname is present as a Computer object in AD 3. If not present, return hostname as a result
Do I have to extract all AD computer account objects and then put them in a CSV file to do a lookup against, or is it possible to compare the extracted hostnames against AD directly at search time using something like inline ldapsearch?
Any help would be greatly appreciated, I hope my search fu did not miss an answer to this kind of question already.
Many thanks David.
