The following Splunk query will show a table of all users and their roles:
1 |
| rest /services/authentication/users | stats values(roles) as Roles by user |
I’ve found the following query to work better in my environment:
1 |
| rest /services/authentication/users | stats values(roles) as Roles by title |