Re: retreiving current logged in user and using in...

googs524 · ‎06-21-2017

I tried below command to retrieve current logged in user

| rest /services/authentication/current-context | table username

But unable to use output of this as an input to another search to find something else. Any idea how I can get output of above command as input to another?

adonio · ‎06-21-2017

hello there,
many answers here:
https://answers.splunk.com/answers/11444/users-who-are-logged-in-right-now.html
https://answers.splunk.com/answers/3768/how-do-you-find-out-who-is-logged-onto-splunk-right-now.html
https://answers.splunk.com/answers/226555/how-to-find-how-many-users-are-logged-into-splunk.html
regarding how to use it in another command, is it within a dashboard or in the search itself?
in any case, there are plenty of answers here as well
here is an example:
https://answers.splunk.com/answers/207240/is-there-a-way-to-create-a-token-from-search-resul.html
hope it helps

googs524 · ‎06-21-2017

Thanks for your response. These are good points, but not specific to my requirement.

HiroshiSatoh · ‎06-21-2017

How do you want to use it?

index=* [| rest /services/authentication/current-context | table username]

| rest /services/authentication/current-context | table username|map search="search index=* username=$username$"

googs524 · ‎06-21-2017

Thanks for the inputs. I tried below command and was able to get desired output upon modifying it. But the issue, I am facing is, if I convert that output of command as Single value visualization and create as a dashboard, it gives me nothing. It says " Search is waiting for input". Any idea how to resolve this?

| rest /services/authentication/current-context | table username|map search="search index=* username=$username$"

HiroshiSatoh · ‎06-22-2017

Please tell me the search sentence.

retreiving current logged in user and using in search

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!