All Apps and Add-ons
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to get current app name in a search ?

yoho
Contributor
‎09-09-2020 01:12 AM

Is there a way to get the current app name in a search ?

I've found how to get the current user name (| rest splunk_server=local /services/authentication/current-context | table username) but I would also need the current app.

The app I'm building is looking in splunk access logs for its own name, so that it displays some statistics about itself, like response time, etc...

 

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

thambisetty
SplunkTrust
SplunkTrust
‎09-09-2020 01:45 AM

Thanks to @martin_mueller  

 

| rest splunk_server=local /services/authentication/current-context 
| table username 
| eval 
    [ rest /services/search/jobs splunk_server=local 
    | addinfo 
    | where sid=info_sid 
    | rename eai:acl.app as my_app_name 
    | return my_app_name]

 

————————————
If this helps, give a like below.

View solution in original post

Reply
Solved! Jump to solution

yoho
Contributor
‎02-03-2021 11:54 PM

It looks like this command doesn't work on a search head cluster because the current sid returned by addinfo is not (yet) in the list of jobs. It's a pitty there's no simple way to get the current app name, except in dashboards.

0 Karma
Reply
Solved! Jump to solution

yoho
Contributor
‎09-09-2020 03:43 AM

Thank you both for your answers, I need it in a search but your answer is also very useful @martin_mueller !

0 Karma
Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎09-09-2020 02:02 AM

If this is in a dashboard then you don't need to launch a subsearch, instead you can use the token `$env:app$`: https://docs.splunk.com/Documentation/Splunk/8.0.6/Viz/tokens#Use_global_tokens_to_access_environmen...

Reply
Solved! Jump to solution
Solution

thambisetty
SplunkTrust
SplunkTrust
‎09-09-2020 01:45 AM

Thanks to @martin_mueller  

 

| rest splunk_server=local /services/authentication/current-context 
| table username 
| eval 
    [ rest /services/search/jobs splunk_server=local 
    | addinfo 
    | where sid=info_sid 
    | rename eai:acl.app as my_app_name 
    | return my_app_name]

 

————————————
If this helps, give a like below.
Reply
Get Updates on the Splunk Community!

What's New in Splunk Cloud Platform 9.3.2411?

Hey Splunky People! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2411. This release ...

Buttercup Games: Further Dashboarding Techniques (Part 6)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...
Top