Currently I am using Splunk for a catalogue system. I have set up a website which allows users to enter data via HTML forms. Additionally, the users can submit binary data to the website. All of this data is ingested by this submission website, and then fed to a Python back end which carries out all the data processing.
After this processing, the data is fed to Splunk, which indexes it for the users to conduct their searches. I have linked this website via an iframe link within a view on an app served out to all Splunk users. This way, the users can submit data to the web submission back end via their active Splunk session.
I want to set up the system so that the Splunk username of the currently logged in user is automatically ingested with any data the user enters into the web submission site. This way, we can always determine which user submitted what data. I do not know how to accomplish this. I am assuming I will have to pass a specific Splunk token containing the username data to a hidden form field on the web submission page. So my questions are:
Is there a specific Splunk token or variable which carries the username of the currently logged in user? Or is there a way to attain this data?
What would be the most efficient way to pass this data off to a website, in a way which is invisible to the currently logged in user?
I handled the 2nd part of your question with a custom command. The custom Splunk command is a Perl script that takes the input from a search that runs on the dashboard. The username is part of that search and so it's sent to the Perl script.
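A hidden form field can be edited by whoever submits the form, so the back end needs a way to check that the username it receives was really issued on the Splunk side. The following is an added example, not code from either post, of one way to do that in the Python back end; it assumes a secret shared between the Splunk-side script and the back end, and the function names, field layout and key are hypothetical.

```python
import hashlib
import hmac
import time

# Assumption: a secret known only to the Splunk-side script and the back end.
SHARED_KEY = b"constructed-demo-key-replace-me"
MAX_AGE_SECONDS = 300  # how long a signed field stays acceptable


def _mac(key, payload):
    return hmac.new(key, payload.encode("utf-8"), hashlib.sha256).hexdigest()


def sign_username(username, key=SHARED_KEY, now=None):
    """Splunk side: build 'username|issued_at|hex_mac' for the hidden field."""
    if "|" in username:
        raise ValueError("username must not contain '|'")
    issued = int(time.time() if now is None else now)
    payload = f"{username}|{issued}"
    return f"{payload}|{_mac(key, payload)}"


def verify_username(field, key=SHARED_KEY, now=None):
    """Back end: return the username if the field is authentic and fresh, else None."""
    parts = field.split("|")
    if len(parts) != 3:
        return None
    username, issued, mac = parts
    expected = _mac(key, f"{username}|{issued}")
    # Constant-time comparison; bytes so that non-ASCII input cannot raise.
    if not hmac.compare_digest(expected.encode(), mac.encode("utf-8")):
        return None
    # The MAC matched, so 'issued' is the integer the signer wrote.
    current = int(time.time() if now is None else now)
    if not 0 <= current - int(issued) <= MAX_AGE_SECONDS:
        return None
    return username


if __name__ == "__main__":
    field = sign_username("alice")          # constructed sample user
    print(verify_username(field))           # accepted
    print(verify_username(field.replace("alice", "admin")))  # rejected
```

A valid field only shows that the Splunk-side script issued it for that username within the last `MAX_AGE_SECONDS`; it can still be replayed inside that window.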