Getting Data In

REST call to show the number of logged-in users in a clustered environment?

sheltomt
Path Finder

I've got a cluster question regarding REST calls and translation into a clustered environment. I have multiple searches with problems, but I figure I can get pointed in the right direction and be good.

On my non-clustered search head, I have a call for displaying the number of logged-in users:

| rest /servicesNS/-/-/authentication/httpauth-tokens splunk_server=local | search NOT userName="splunk-system-user" searchId="" | stats dc(userName) AS count

I'm not sure how to translate this into our new clustered environment. Via Google, I've seen:

 index=_internal sourcetype=splunkd_ui_access

but this is more of a log, not a count of currently logged-in users.

Anyone have insight?

0 Karma

xavierashe
Contributor

Change the splunk_server to point toward your cluster master. Here's what I have on my dashboard:

| rest /servicesNS/-/-/authentication/httpauth-tokens splunk_server=mymaster.company.corp | search NOT userName="admin" searchId="" | stats dc(userName) AS count
0 Karma
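
An added example, not part of either post above: the same filter applied outside SPL to the JSON each search head returns for the httpauth-tokens endpoint, giving a distinct-user count per member and across all members. The host names and sample responses are constructed, and the `entry`/`content` layout is assumed to be Splunk's usual `output_mode=json` shape.

```python
import json

# Constructed sample responses, one per search head, for
# GET /services/authentication/httpauth-tokens?output_mode=json
# Assumption: one "entry" per token, with its fields under "content".
SAMPLE = {
    "sh1.example.corp": json.dumps({"entry": [
        {"content": {"userName": "alice", "searchId": ""}},
        {"content": {"userName": "alice", "searchId": ""}},  # second browser session
        {"content": {"userName": "bob", "searchId": "scheduler__bob__search__1"}},
        {"content": {"userName": "splunk-system-user", "searchId": ""}},
    ]}),
    "sh2.example.corp": json.dumps({"entry": [
        {"content": {"userName": "alice", "searchId": ""}},
        {"content": {"userName": "carol", "searchId": ""}},
    ]}),
}


def interactive_users(raw_json, excluded=("splunk-system-user",)):
    """Users holding a token that is not tied to a search job.

    Mirrors: search NOT userName="splunk-system-user" searchId=""
    A missing searchId is treated as empty (a choice made for this example).
    """
    users = set()
    for entry in json.loads(raw_json).get("entry", []):
        content = entry.get("content", {})
        name = content.get("userName")
        if not name or name in excluded:
            continue
        if content.get("searchId", "") != "":
            continue  # token belongs to a search job, not a login session
        users.add(name)
    return users


def logged_in_summary(responses):
    """Distinct-user count per host and across all hosts (like dc(userName))."""
    per_host = {host: interactive_users(body) for host, body in responses.items()}
    everyone = set().union(*per_host.values())
    return {
        "per_host": {host: len(users) for host, users in per_host.items()},
        "total": len(everyone),
        "users": sorted(everyone),
    }


if __name__ == "__main__":
    print(logged_in_summary(SAMPLE))
```

A user logged in to two members is counted once in the total, which is why the per-host counts can sum to more than the cluster-wide figure.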