Solved: Get current user from Custom Search Command

maxdouglas · ‎03-26-2019

Hello Splunkers,

I am developing an app containing a Custom Generating Search Command. (I think the Generating part is irrelevant for this case)
I need my custom command to get the user who executed this search.

Following the page below, I got to this code, which returns the wrong user:
http://dev.splunk.com/view/python-sdk/SP-CAAAEJ6#currentuser

from splunklib.searchcommands import GeneratingCommand, dispatch, Configuration
from splunklib import client

@Configuration(streaming=True, local=True)
class MyCommand(GeneratingCommand):
    def generate(self):
        service = client.connect(username='fixed_user', password='fixed_password')
        user = service.username  # user is fixed_user, not the current user
        yield {'_time': time.time(),'_raw': user}

dispatch(MyCommand, sys.argv, sys.stdin, sys.stdout, __name__)

When I execute the search | mycommand on Splunk Web, I get fixed_user, not the current logged user.
How can my custom command know which user is calling it?

anatoliikostin · ‎11-18-2019

You can make use of self which is passed into generate(self):

user = self._metadata.searchinfo.username

View solution in original post

anatoliikostin · ‎11-18-2019

You can make use of self which is passed into generate(self):

user = self._metadata.searchinfo.username

Get current user from Custom Search Command

Introducing the Splunk Community Dashboard Challenge!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...