Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

retreiving current logged in user and using in search

googs524
Explorer
‎06-21-2017 05:07 PM

I tried below command to retrieve current logged in user

| rest /services/authentication/current-context | table username

But unable to use output of this as an input to another search to find something else. Any idea how I can get output of above command as input to another?

Tags (1)
0 Karma
Reply

adonio
Ultra Champion
‎06-21-2017 06:46 PM

hello there,
many answers here:
https://answers.splunk.com/answers/11444/users-who-are-logged-in-right-now.html
https://answers.splunk.com/answers/3768/how-do-you-find-out-who-is-logged-onto-splunk-right-now.html
https://answers.splunk.com/answers/226555/how-to-find-how-many-users-are-logged-into-splunk.html
regarding how to use it in another command, is it within a dashboard or in the search itself?
in any case, there are plenty of answers here as well
here is an example:
https://answers.splunk.com/answers/207240/is-there-a-way-to-create-a-token-from-search-resul.html
hope it helps

0 Karma
Reply

googs524
Explorer
‎06-21-2017 09:27 PM

Thanks for your response. These are good points, but not specific to my requirement.

0 Karma
Reply

HiroshiSatoh
Champion
‎06-21-2017 06:43 PM

How do you want to use it?

index=* [| rest /services/authentication/current-context | table username]

| rest /services/authentication/current-context | table username|map search="search index=* username=$username$"

Reply

googs524
Explorer
‎06-21-2017 09:25 PM

Thanks for the inputs. I tried below command and was able to get desired output upon modifying it. But the issue, I am facing is, if I convert that output of command as Single value visualization and create as a dashboard, it gives me nothing. It says " Search is waiting for input". Any idea how to resolve this?

| rest /services/authentication/current-context | table username|map search="search index=* username=$username$"

0 Karma
Reply

HiroshiSatoh
Champion
‎06-22-2017 07:10 PM

Please tell me the search sentence.

0 Karma
Reply
Get Updates on the Splunk Community!

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...

Adoption of Infrastructure Monitoring at Splunk

  Splunk's Growth Engineering team showcases one of their first Splunk product adoption-Splunk Infrastructure ...