Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

retreiving current logged in user and using in search

googs524
Explorer
‎06-21-2017 05:07 PM

I tried below command to retrieve current logged in user

| rest /services/authentication/current-context | table username

But unable to use output of this as an input to another search to find something else. Any idea how I can get output of above command as input to another?

Tags (1)
0 Karma
Reply

adonio
Ultra Champion
‎06-21-2017 06:46 PM

hello there,
many answers here:
https://answers.splunk.com/answers/11444/users-who-are-logged-in-right-now.html
https://answers.splunk.com/answers/3768/how-do-you-find-out-who-is-logged-onto-splunk-right-now.html
https://answers.splunk.com/answers/226555/how-to-find-how-many-users-are-logged-into-splunk.html
regarding how to use it in another command, is it within a dashboard or in the search itself?
in any case, there are plenty of answers here as well
here is an example:
https://answers.splunk.com/answers/207240/is-there-a-way-to-create-a-token-from-search-resul.html
hope it helps

0 Karma
Reply

googs524
Explorer
‎06-21-2017 09:27 PM

Thanks for your response. These are good points, but not specific to my requirement.

0 Karma
Reply

HiroshiSatoh
Champion
‎06-21-2017 06:43 PM

How do you want to use it?

index=* [| rest /services/authentication/current-context | table username]

| rest /services/authentication/current-context | table username|map search="search index=* username=$username$"

Reply

googs524
Explorer
‎06-21-2017 09:25 PM

Thanks for the inputs. I tried below command and was able to get desired output upon modifying it. But the issue, I am facing is, if I convert that output of command as Single value visualization and create as a dashboard, it gives me nothing. It says " Search is waiting for input". Any idea how to resolve this?

| rest /services/authentication/current-context | table username|map search="search index=* username=$username$"

0 Karma
Reply

HiroshiSatoh
Champion
‎06-22-2017 07:10 PM

Please tell me the search sentence.

0 Karma
Reply
Get Updates on the Splunk Community!

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

Join us on Wed, Dec 10. at 10AM PST / 1PM EST for a live webinar and demo with Splunk experts! Discover how ...

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

If you’re unfamiliar, .conf is Splunk’s premier event where the Splunk community, customers, partners, and ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

There’s something special about this time of year—maybe it’s the glow of the holidays, maybe it’s the ...