Wasn't sure how to phrase the question. I'd like to have a dashboard a user can input information and then after hitting Submit updates a lookup. That part is easy enough. What I'd like to do, without prompting them, is behind the scene grabbing their user name and adding it to the lookup with the information they have entered. By chance has anyone done something similar before?
The answer depends on where you want to get the information.
In search:
| rest /services/authentication/current-context splunk_server=local | fields username
In a SplunkWeb controller (Python):
import cherrypy
user = cherrypy.session['user']['name']
In a splunkd REST endpoint (Python, when inheriting from splunk.rest.BaseRestHandler):
user = self.request['userName']
In Javascript:
function getUser(){
var uri = Splunk.util.make_url("/splunkd/__raw/services/authentication/current-context?output_mode=json");
var info = null;
// Fire off the request
jQuery.ajax({
url: uri,
type: 'GET',
async: false,
success: function(result) {
console.info(result);
info = result;
}
});
return info.entry[0].content.username;
}
var user = getUser();
The better place to start is looking at splunk_web_access for this information
index=_internal sourcetype=splunk_web_access my_dashboard
The results should give you the information of the query string that is formed to execute the dashboard. With little regex, you should be able to retrieve the input information user provided, The sourcetype also has "user" field. You can then schedule a search to retrieve this information periodically and update the lookup..
You can get the current user name through an inline search, namely |rest /services/authentication/current-context splunk_server=local
You could use append and stats tricks to add it in how you want, or even have it be a populating search on a different input for your dashboard field.