All Apps and Add-ons

App/User Role with the highest number of queries running or running

Path Finder

Greetings,

I'm trying to perform a search that shows me a list of top apps / roles that most perform queries. I'm trying to hold rest queries to get this information but I'm not getting it.

Someone has a suggestion?

Tkx.

0 Karma

Builder

Hi @markuxProof

Splunk writes data about top apps, top users in Introspection Index

Hope this helps,

alt text

Thanks

0 Karma

Splunk Employee
Splunk Employee

For the search per app you can easily tell from the monitoring console app.

https://mysplunkinstance:8000/en-US/app/splunk_monitoring_console/search_activity_instance

the panels are populated by searches based on introspection. (it has the type of search, app, user, mode , search name...)
but the role is not included, you may have to do a lookup (for the user/role mapping), but remember that an user can be member of several roles, and that roles inherit from each others, so you may not have a 1-1 relation ....

0 Karma