Hello, I'm trying to create an multi-value field 'category' which takes its value from a 'case(match(' that queries a users AD group membership and returns the category value based on the memberOf field; see below.
| eval category=mvjoin(case(match(memberOf, "(?i)^.*?CN\=\,?.+"),"employee",match(memberOf, "(?i)^.*?CN\=\,?.+"),"privileged",match(memberOf, "(?i)^.*?CN\=\,?.+"),"rest_int"), "|")
For some reason though the final 'category' field only ever contains one value, despite some users being in more than one of the AD groups. mvappend doesn't work either.
↧