Solved: Is there any way to create dashboard for to check ...

sekhar463 · ‎07-26-2022

hai all,

while searching splunk roles data using rest API | rest /services/authentication/users splunk_server=local

is there any way to create dashboard for to check current login users into splunk?

Thanks

schose · ‎07-26-2022

Hi,

basic idea: get users from web access log and join against the rest endpoint to get the realname, email..

````get all users for last 15m from web_access log````
index=_internal  sourcetype=splunk_web_access earliest=-15m@m 
| stats count by user 
````join users from rest endpoint````
| join type=left user 
    [| rest /services/authentication/users splunk_server=local 
    | table title 
    | rename title as user]

regards,

Andreas

View solution in original post

sekhar463 · ‎07-27-2022

Thanks

schose · ‎07-26-2022

Hi,

basic idea: get users from web access log and join against the rest endpoint to get the realname, email..

````get all users for last 15m from web_access log````
index=_internal  sourcetype=splunk_web_access earliest=-15m@m 
| stats count by user 
````join users from rest endpoint````
| join type=left user 
    [| rest /services/authentication/users splunk_server=local 
    | table title 
    | rename title as user]

regards,

Andreas

Is there any way to create dashboard for to check current login users into splunk?

administration

troubleshooting

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

Alerting Best Practices: How to Create Good Detectors

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...