List All Splunk Users & Associated Roles

The following Splunk query will show a table of all users and their roles:

| rest /services/authentication/users | stats values(roles) as Roles by user

1	\| rest /services/authentication/users \| stats values(roles) as Roles by user

*Admin Notes*
I’ve found the following query to work better in my environment:

| rest /services/authentication/users | stats values(roles) as Roles by title

1	\| rest /services/authentication/users \| stats values(roles) as Roles by title

Share This:

Tagged: _audit _internal admin REST splunk on splunk

Leave A Comment? Click here to cancel reply.

Newest | Active

Юрий

active 3 hours, 53 minutes ago
wangrui

active 9 hours, 29 minutes ago
Дана

active 22 hours, 45 minutes ago
Эрик

active 1 day ago
SplunkNinja

active 1 day, 3 hours ago