Hi all,
I'm trying to create a search that gives me back a table of all Apps and the amount of users that have access to it.
I can generate a list with all indexes and the amount of users that have access to it but I can't think of a way to do the same with Apps. I can generate who has accessed the app and when, but I can't seem to generate a list with the amount of users that have access to a specific app.
Anyone with an idea?
Start with this query to get a list of apps and the roles allowed to read (access) them. An asterisk (*) means all roles have access. Then cross-reference that with your list of roles and users with those roles.
| rest splunk_server=local /servicesNS/-/-/apps/local | search * | fields title eai:acl.perms.read