Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Report on users & roles

chris
Motivator
‎09-08-2011 12:34 AM

Is there an easy way I can list & export all users that have a certain role or that have access to a certain index or a certain capability?

It would be nice if I could do something like:

| metadata type=users

or
index=_users role=xy

or any other method would be ok

Tags (3)
0 Karma
Reply

Ant1D
Motivator
‎09-13-2011 03:14 AM

The following search will show you what capabilities each user has used within the timeframe that you set:

index=_audit user=* action=* | dedup user action | stats list(action) AS actions by user

Reply

chris
Motivator
‎09-21-2011 09:02 AM

Thanks for looking into this.

0 Karma
Reply

Ant1D
Motivator
‎09-21-2011 03:41 AM

I had a look at this earlier today. I haven't had much luck. There doesn't appear to be a straightforward way of achieving this format of mapping.

0 Karma
Reply

Ant1D
Motivator
‎09-14-2011 06:00 AM

Makes sense. I will have a go when I get a minute.

0 Karma
Reply

chris
Motivator
‎09-14-2011 02:25 AM

Thank you for your answer. It kind of helps. I guess the real requirement behind my question is the following: The owner of some data that is in Splunk wants to know who had access to "his" data (=index) at a specific point in time and if the person has read only or also delete priviledges & what priviledges have been used. So you answer helps in showing what priviledges have been used. But I would also like to have a index to role to user mapping ... does that make sense?

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to January Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...

[Puzzles] Solve, Learn, Repeat: Reprocessing XML into Fixed-Length Events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...