Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

I am writing a subsearch to get a user details as input for someother search but it is not working when i include the subsearch . need help asap

arunsundarm
Engager
‎05-13-2019 01:28 AM

index=* [search index=_internal [| rest /services/authentication/current-context splunk_server=local | fields username | rename username as user ] |top user limit=1 | fields user ]

Tags (1)
0 Karma
Reply

arunsundarm
Engager
‎05-13-2019 01:29 AM

"index=* [search index=_internal [| rest /services/authentication/current-context splunk_server=local | fields username | rename username as user ] |top user limit=1 | fields user ] "

0 Karma
Reply

maciep
Champion
‎05-13-2019 08:41 AM

do you have non-internal indexes with a field named called user that would match the username of the user running this? the subsearch seems to work for me when I just look at internal logs.

0 Karma
Reply

Sukisen1981
Champion
‎05-13-2019 09:34 AM

Bit difficult to understand your requirement, but if you try this , is the first part of your need achieved?
index=_internal | join user type=inner
[| rest /services/authentication/current-context splunk_server=local | fields username | rename username as user |top user limit=1
| fields user]

0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...