Splunk Search

help with splunk query for getting current concurrency configs & utlization and role utilization

Sid
Explorer

I am trying to setup a dashboard which gives me details like user's current concurrency settings & roles utilization , if someone has implemented this kind of dashboard please help

0 Karma

_JP
Contributor

Are you interest in this user info in context of the users for your Splunk environment, or are you looking at some other data to analyze the users?

For Splunk, you can start with SPL that will query the REST interface, like this:

| rest /services/authentication/users

 

If you want information on a particular user (e.g. fred), you can specify that name in the REST call like this:

| rest /services/authentication/users/fred

You can get a lot of info on what capabilities they have and other metadata about that user.

 

More info here.

 

0 Karma

Sid
Explorer

@_JP

on current setting part i am kind of good with below query 
| rest splunk_server=local /services/authentication/users
| fields title, roles
| mvexpand roles
| append [ | rest splunk_server=local /services/authorization/roles
| fields title srchDiskQuota rtSrchJobsQuota srchJobsQuota cumulativeSrchJobsQuota cumulativeRTSrchJobsQuota
| rename title as roles]
| stats values(srchDiskQuota) as srchDiskQuota, values(rtSrchJobsQuota) as rtSrchJobsQuota, values(srchJobsQuota) as srchJobsQuota, values(cumulativeSrchJobsQuota) as cumulativeSrchJobsQuota, values(title) as userid, values(cumulativeRTSrchJobsQuota) AS cumulativeRTSrchJobsQuota by roles
| mvexpand userid
| stats values(srchDiskQuota) as srchDiskQuota, values(rtSrchJobsQuota) as rtSrchJobsQuota, values(srchJobsQuota) as srchJobsQuota, values(cumulativeSrchJobsQuota) as cumulativeSrchJobsQuota,values(cumulativeRTSrchJobsQuota) AS cumulativeRTSrchJobsQuota by userid roles

just want to get details on current utilization by user/role & more of search concurrency settings (resource utilization etc)

0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...