Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

retreiving current logged in user and using in search

googs524
Explorer
‎06-21-2017 05:07 PM

I tried below command to retrieve current logged in user

| rest /services/authentication/current-context | table username

But unable to use output of this as an input to another search to find something else. Any idea how I can get output of above command as input to another?

Tags (1)
0 Karma
Reply

adonio
Ultra Champion
‎06-21-2017 06:46 PM

hello there,
many answers here:
https://answers.splunk.com/answers/11444/users-who-are-logged-in-right-now.html
https://answers.splunk.com/answers/3768/how-do-you-find-out-who-is-logged-onto-splunk-right-now.html
https://answers.splunk.com/answers/226555/how-to-find-how-many-users-are-logged-into-splunk.html
regarding how to use it in another command, is it within a dashboard or in the search itself?
in any case, there are plenty of answers here as well
here is an example:
https://answers.splunk.com/answers/207240/is-there-a-way-to-create-a-token-from-search-resul.html
hope it helps

0 Karma
Reply

googs524
Explorer
‎06-21-2017 09:27 PM

Thanks for your response. These are good points, but not specific to my requirement.

0 Karma
Reply

HiroshiSatoh
Champion
‎06-21-2017 06:43 PM

How do you want to use it?

index=* [| rest /services/authentication/current-context | table username]

| rest /services/authentication/current-context | table username|map search="search index=* username=$username$"

Reply

googs524
Explorer
‎06-21-2017 09:25 PM

Thanks for the inputs. I tried below command and was able to get desired output upon modifying it. But the issue, I am facing is, if I convert that output of command as Single value visualization and create as a dashboard, it gives me nothing. It says " Search is waiting for input". Any idea how to resolve this?

| rest /services/authentication/current-context | table username|map search="search index=* username=$username$"

0 Karma
Reply

HiroshiSatoh
Champion
‎06-22-2017 07:10 PM

Please tell me the search sentence.

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...

Index This | When is October more than just the tenth month?

October 2025 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...