Currently logged on username in search

christian_l · ‎06-25-2013

Hi there,

I'd like to build individual Dashboards per Splunk-User (LDAP mapped).
As there is a huge number of employes I'd like to build an dynamic dashboard which allows a user to see reports regarding his username.
Is there a way to extract the current username out of the user-session, so he can see only the data regarding his username?
I'd like to put this user-name variable into a search which filters then for the current username.

Is this possible?
Thank you.

Christian

ckurtz · ‎03-16-2015

Ayn's answer contains the username, but has a lot of extra information that the user inherits from it's roles.

Try:

| rest /services/authentication/current-context | table username

The result that isn't "splunk-system-user" is the current username.

Ayn · ‎06-25-2013

Yes, you can get the current username by calling the REST endpoint authentication/current-context via the rest command, like this:

| rest /services/authentication/current-context

christian_l · ‎06-25-2013

Hi Ayn,

thank you for your answer. As I tested your search my results also include other users. I just want to see the user who's currently doing this search. Can I filter out other users dynamically?

Btw: Will the | rest command need administration capabilities? If so I would need a other way which works for user/power users.

Currently logged on username in search

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...