Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

retreiving current logged in user and using in search

googs524
Explorer
‎06-21-2017 05:07 PM

I tried below command to retrieve current logged in user

| rest /services/authentication/current-context | table username

But unable to use output of this as an input to another search to find something else. Any idea how I can get output of above command as input to another?

Tags (1)
0 Karma
Reply

adonio
Ultra Champion
‎06-21-2017 06:46 PM

hello there,
many answers here:
https://answers.splunk.com/answers/11444/users-who-are-logged-in-right-now.html
https://answers.splunk.com/answers/3768/how-do-you-find-out-who-is-logged-onto-splunk-right-now.html
https://answers.splunk.com/answers/226555/how-to-find-how-many-users-are-logged-into-splunk.html
regarding how to use it in another command, is it within a dashboard or in the search itself?
in any case, there are plenty of answers here as well
here is an example:
https://answers.splunk.com/answers/207240/is-there-a-way-to-create-a-token-from-search-resul.html
hope it helps

0 Karma
Reply

googs524
Explorer
‎06-21-2017 09:27 PM

Thanks for your response. These are good points, but not specific to my requirement.

0 Karma
Reply

HiroshiSatoh
Champion
‎06-21-2017 06:43 PM

How do you want to use it?

index=* [| rest /services/authentication/current-context | table username]

| rest /services/authentication/current-context | table username|map search="search index=* username=$username$"

Reply

googs524
Explorer
‎06-21-2017 09:25 PM

Thanks for the inputs. I tried below command and was able to get desired output upon modifying it. But the issue, I am facing is, if I convert that output of command as Single value visualization and create as a dashboard, it gives me nothing. It says " Search is waiting for input". Any idea how to resolve this?

| rest /services/authentication/current-context | table username|map search="search index=* username=$username$"

0 Karma
Reply

HiroshiSatoh
Champion
‎06-22-2017 07:10 PM

Please tell me the search sentence.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk on November 6 at 11AM PT, and empower your SOC to reach new heights! Duration: ...

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...