Hi everyone,
I need to generate a list with all users in Splunk Enterprise, but I am stuck on permissions.
I have a simple user (without admin access) and when I tried to make a query to servicesNS
splunk:8089/servicesNS/admin/search/authentication/users
In response, I get "You do not have permissions to access objects of user=admin". Also, I tried to search "index=_audit" and "| rest /services/authentication/users" but without success.
How can I get a list of users in Splunk using a USER account without admin access? Maybe JS or REST can help?
Thanks.
Hi @rendie ,
if you don't have the grants to execute a REST command, the only hint is to run a search on _internal and extract the users that used Splunk!
index=_audit sourcetype = audittrail action="login attempt"
| dedup user
| sort user
| table user
Ciao.
Giuseppe
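Added example, not part of the original thread: the search above deduplicates every login attempt, so names that only ever failed to log in (typos, guessed accounts) land in the list next to real users, and accounts that never logged in during the time range are missing. The Python sketch below applies the same idea to exported events and separates the two groups; the event layout, the `info=succeeded` / `info=failed` values and all function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample events in the assumed audittrail key=value layout.
SAMPLE_EVENTS = """\
Audit:[timestamp=05-02-2023 09:14:01.120, user=alice, action=login attempt, info=succeeded, src=10.0.0.11][n/a]
Audit:[timestamp=05-02-2023 09:15:44.902, user=bob, action=login attempt, info=failed, src=10.0.0.12][n/a]
Audit:[timestamp=05-02-2023 09:16:03.377, user=bob, action=login attempt, info=succeeded, src=10.0.0.12][n/a]
Audit:[timestamp=05-02-2023 09:20:10.005, user=admn, action=login attempt, info=failed, src=10.0.0.99][n/a]
Audit:[timestamp=05-02-2023 09:21:30.448, user=alice, action=search, info=granted][n/a]
Audit:[timestamp=05-03-2023 08:01:12.660, user=alice, action=login attempt, info=succeeded, src=10.0.0.11][n/a]
"""

BODY = re.compile(r"Audit:\[(.*?)\]\[")
PAIR = re.compile(r"(\w+)=([^,]*)")

def parse_event(line):
    """Return the key=value fields of one audit event, or None if it does not match."""
    m = BODY.search(line)
    if not m:
        return None
    return {k: v.strip() for k, v in PAIR.findall(m.group(1))}

def summarize_logins(text):
    """Count succeeded/failed login attempts per user and keep the latest success."""
    stats = defaultdict(lambda: {"succeeded": 0, "failed": 0, "last_success": None})
    for line in text.splitlines():
        ev = parse_event(line)
        if not ev or ev.get("action") != "login attempt":
            continue  # skip searches and other audited actions
        entry = stats[ev.get("user", "")]
        outcome = ev.get("info")
        if outcome in ("succeeded", "failed"):
            entry[outcome] += 1
        if outcome == "succeeded":
            ts = datetime.strptime(ev["timestamp"], "%m-%d-%Y %H:%M:%S.%f")
            if entry["last_success"] is None or ts > entry["last_success"]:
                entry["last_success"] = ts
    return dict(stats)

def split_users(stats):
    """Users with at least one successful login vs. names seen only in failures."""
    confirmed = sorted(u for u, s in stats.items() if s["succeeded"])
    failed_only = sorted(u for u, s in stats.items() if not s["succeeded"])
    return confirmed, failed_only

if __name__ == "__main__":
    print(split_users(summarize_logins(SAMPLE_EVENTS)))
```

Names in the second list are worth reviewing as possible typos or guessing activity rather than being reported as Splunk users.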
Ordinary users are limited in what they are allowed to see. The best you can do is this search
| rest /servicesNS/-/search/authentication/users
@richgalloway using your solution in my case, as a result, I get only the currently logged-in user. This can be useful only for a user with ADMIN permissions. But in any case, thank you for your help.