Splunk Search

Currently logged on username in search

Path Finder

Hi there,

I'd like to build individual Dashboards per Splunk-User (LDAP mapped).
As there is a huge number of employes I'd like to build an dynamic dashboard which allows a user to see reports regarding his username.
Is there a way to extract the current username out of the user-session, so he can see only the data regarding his username?
I'd like to put this user-name variable into a search which filters then for the current username.

Is this possible?
Thank you.


Path Finder

Ayn's answer contains the username, but has a lot of extra information that the user inherits from it's roles.


| rest /services/authentication/current-context | table username

The result that isn't "splunk-system-user" is the current username.


Yes, you can get the current username by calling the REST endpoint authentication/current-context via the rest command, like this:

| rest /services/authentication/current-context

Path Finder

Hi Ayn,

thank you for your answer. As I tested your search my results also include other users. I just want to see the user who's currently doing this search. Can I filter out other users dynamically?

Btw: Will the | rest command need administration capabilities? If so I would need a other way which works for user/power users.

0 Karma
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!