Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Splunk Search
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to retrieve current user in splunk?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ngatchasandra
Builder
04-30-2015
03:57 AM
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
gfuente
Motivator
04-30-2015
04:09 AM
Hello
You can use this query to see logged users in splunk web:
| rest /services/authentication/httpauth-tokens | search (NOT userName="splunk-system-user") searchId=""
| table userName splunk_server timeAccessed |join type=left userName [| rest /services/authentication/users splunk_server=local
|fields title roles realname|rename title as userName|rename realname as Name]
|rename userName as User |rename splunk_server as "Splunk Server"|rename timeAccessed as "Time Accessed"|rename roles as Role
|table User,"Splunk Server",Name,Role
Regards
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
gfuente
Motivator
04-30-2015
04:45 AM
Then you can use this:
http://answers.splunk.com/answers/28633/current-user-in-search.html
rest /services/authentication/current-context/context | fields + username
Regards
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ngatchasandra
Builder
04-30-2015
04:30 AM
thanks for your time .
How do i do to get only the current User.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
gfuente
Motivator
04-30-2015
04:09 AM
Hello
You can use this query to see logged users in splunk web:
| rest /services/authentication/httpauth-tokens | search (NOT userName="splunk-system-user") searchId=""
| table userName splunk_server timeAccessed |join type=left userName [| rest /services/authentication/users splunk_server=local
|fields title roles realname|rename title as userName|rename realname as Name]
|rename userName as User |rename splunk_server as "Splunk Server"|rename timeAccessed as "Time Accessed"|rename roles as Role
|table User,"Splunk Server",Name,Role
Regards
Get Updates on the Splunk Community!
Combine Multiline Logs into a Single Event with SOCK - a Guide for Advanced Users
This article is the continuation of the “Combine multiline logs into a single event with SOCK - a step-by-step ...
Everything Community at .conf24!
You may have seen mention of the .conf Community Zone 'round these parts and found yourself wondering what ...
Index This | I’m short for "configuration file.” What am I?
May 2024 Edition
Hayyy Splunk Education Enthusiasts and the Eternally Curious!
We’re back with a Special ...
