@colin_mckibben trying to use the query mentioned on this thread: Get Users With More Than One Account in the Same Source - #5 by colin_mckibben
but not getting expected results.
I get empty under accounts and gets provisioning events in hits. Not sure what this means. I did confirm that there are duplicate accounts from same source under single identity.
My base url is v3 only.
Looking at your first screenshot, you reference the nested path as ACCOUNT, but it should be accounts. I copy/pasted the answer from the thread you linked to and it worked on my tenant…
Tried with your suggestion. still not getting the expected output.
output
There are identities with multiple accounts from same source.
Same output in both prod and sandbox.
I’m not sure why it isn’t picking up your duplicate accounts. I do know that our search DSL is ElasticSearch on the backend. You might try reading up the elastic search docs to see where this is falling short. Just throwing this out, but maybe try increasing size to 10,000. I’m not sure if that will work, though.
I know it’s elasticsearch in backend but some of the syntax is more of developed by development team at sailpoint and they kept elasticsearch syntax in behind of it. Trial and error would not work but once search aggregate goes live will create support ticket.
@chirag_patel I finally found some time to investigate this further, and I think I have a solution. Please see the original post for the new solution and let me know if it helps.
