Hello
You can use this query to see logged users in splunk web:
| rest /services/authentication/httpauth-tokens | search (NOT userName="splunk-system-user") searchId=""
| table userName splunk_server timeAccessed |join type=left userName [| rest /services/authentication/users splunk_server=local
|fields title roles realname|rename title as userName|rename realname as Name]
|rename userName as User |rename splunk_server as "Splunk Server"|rename timeAccessed as "Time Accessed"|rename roles as Role
|table User,"Splunk Server",Name,Role
Regards
Then you can use this:
http://answers.splunk.com/answers/28633/current-user-in-search.html
rest /services/authentication/current-context/context | fields + username
Regards
thanks for your time .
How do i do to get only the current User.
Hello
You can use this query to see logged users in splunk web:
| rest /services/authentication/httpauth-tokens | search (NOT userName="splunk-system-user") searchId=""
| table userName splunk_server timeAccessed |join type=left userName [| rest /services/authentication/users splunk_server=local
|fields title roles realname|rename title as userName|rename realname as Name]
|rename userName as User |rename splunk_server as "Splunk Server"|rename timeAccessed as "Time Accessed"|rename roles as Role
|table User,"Splunk Server",Name,Role
Regards