Currently logged on username in search

christian_l · ‎06-25-2013

Hi there,

I'd like to build individual Dashboards per Splunk-User (LDAP mapped).
As there is a huge number of employes I'd like to build an dynamic dashboard which allows a user to see reports regarding his username.
Is there a way to extract the current username out of the user-session, so he can see only the data regarding his username?
I'd like to put this user-name variable into a search which filters then for the current username.

Is this possible?
Thank you.

Christian

ckurtz · ‎03-16-2015

Ayn's answer contains the username, but has a lot of extra information that the user inherits from it's roles.

Try:

| rest /services/authentication/current-context | table username

The result that isn't "splunk-system-user" is the current username.

Ayn · ‎06-25-2013

Yes, you can get the current username by calling the REST endpoint authentication/current-context via the rest command, like this:

| rest /services/authentication/current-context

christian_l · ‎06-25-2013

Hi Ayn,

thank you for your answer. As I tested your search my results also include other users. I just want to see the user who's currently doing this search. Can I filter out other users dynamically?

Btw: Will the | rest command need administration capabilities? If so I would need a other way which works for user/power users.

Currently logged on username in search

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!