What do we advise customers when there is a change in the organizational domain but the logs still contain the old domain? For example: the system is extracting logs linked to the old email address like @immunesecurity.com, but in AD it is @logpoint.com.
Hi Rupsan,
Splitting user@immunesecurity.com to user=user and comparing it with the SAMAccountName in the LDAP table may not work, because the SAMAccountName and the value in the user field may not be the same.
There are two ways to handle this problem.
- Dynamic enrichment with the eval command.
  sender="*logpoint.com" | process eval("email=replace(sender,'@logpoint.com','@abc.com')") |
- Custom compiled normalizer that replaces immunesecurity.com with logpoint.com.
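
Added example, not part of the reply above and not LogPoint code: a Python stand-in for the enrichment join, showing why a lookup on the local part against SAMAccountName can miss while a lookup on the domain-rewritten address hits, and why the rewrite should match the whole domain rather than a substring. The LDAP rows, events and function names are constructed for illustration, and case-insensitive address matching is an assumption.

```python
OLD_DOMAIN = "immunesecurity.com"   # domain still present in the logs (from the question)
NEW_DOMAIN = "logpoint.com"         # domain now used in AD (from the question)

# Constructed LDAP rows: sAMAccountName does not always equal the mail local part.
LDAP_TABLE = [
    {"sAMAccountName": "jdoe", "mail": "john.doe@logpoint.com", "department": "SOC"},
    {"sAMAccountName": "asmith", "mail": "asmith@logpoint.com", "department": "IT"},
]

def rewrite_domain(address, old=OLD_DOMAIN, new=NEW_DOMAIN):
    """Rewrite only when the part after the last '@' is exactly the old domain."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local:
        return address.strip().lower()  # not an email address: leave unchanged
    domain = domain.lower().rstrip(".")
    if domain == old:
        domain = new
    return f"{local.lower()}@{domain}"

def enrich_by_mail(event, table=LDAP_TABLE):
    """Join on the full, domain-rewritten address against the LDAP mail attribute."""
    email = rewrite_domain(event["sender"])
    index = {row["mail"].lower(): row for row in table}
    return {**event, "email": email, "ldap": index.get(email)}

def enrich_by_local_part(event, table=LDAP_TABLE):
    """Join on the local part against sAMAccountName (the approach that may not work)."""
    user = event["sender"].split("@")[0].lower()
    index = {row["sAMAccountName"].lower(): row for row in table}
    return {**event, "user": user, "ldap": index.get(user)}

# Constructed sample events.
EVENTS = [
    {"sender": "John.Doe@ImmuneSecurity.com"},
    {"sender": "asmith@immunesecurity.com"},
    {"sender": "john.doe@immunesecurity.com.example.net"},  # look-alike domain, must not be rewritten
]

if __name__ == "__main__":
    for ev in EVENTS:
        by_mail = enrich_by_mail(ev)["ldap"]
        by_user = enrich_by_local_part(ev)["ldap"]
        print(ev["sender"], "| by mail:", by_mail, "| by local part:", by_user)
```

A plain substring replace would also rewrite the third event's address, which belongs to a different domain; comparing the whole domain after the last `@` avoids enriching it with an internal user's LDAP record.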