List All Splunk Users & Associated Roles

The following Splunk query will show a table of all users and their roles:

| rest /services/authentication/users | stats values(roles) as Roles by user

1	\| rest /services/authentication/users \| stats values(roles) as Roles by user

*Admin Notes*
I’ve found the following query to work better in my environment:

| rest /services/authentication/users | stats values(roles) as Roles by title

1	\| rest /services/authentication/users \| stats values(roles) as Roles by title

Share This:

Tagged: _audit _internal admin REST splunk on splunk

Leave A Comment? Click here to cancel reply.

Newest | Active

oksey2021

Active 18 hours, 50 minutes ago
Lyxx

Active 2 days, 6 hours ago
jeffrey.nickle@lpnt.net

Active 2 days, 13 hours ago
Расим

Active 3 days, 10 hours ago
Аким

Active 4 days, 23 hours ago