I need to plug in the logged in user id and build a search query. How do I accomplish this ? I see
cherrypy.session['user']['name'] command provides something similar to this. How do I incorporate this command (or something similar) in my search query.
Thanks
Sriram
There is a sneaky way this can be accomplished out of box using macros. I can explain that further if needed. I've also just uploaded an app called 'whoami'. Let me know how it works for you or if you have any feature requests or improvement ideas.
You can also (in 4.3+) get this information from the rest
command:
something like this will add a new username field to your events:
| join [rest /services/authentication/current-context splunk_server=local| fields + username]
There is a sneaky way this can be accomplished out of box using macros. I can explain that further if needed. I've also just uploaded an app called 'whoami'. Let me know how it works for you or if you have any feature requests or improvement ideas.
I sporadically get this error for some user ids. Any ideas why I am getting these. I am not sure whether it is id related or something else.
[subsearch]: External search command 'whoami'returned error code 1.
Here is the query.
index=cc_user_summary source=list_users [| whoami fieldname=userUid | fields userUid ] | dedup displayName
This worked like a charm. Thank you very much.