List All Splunk Users & Associated Roles

The following Splunk query will show a table of all users and their roles:

| rest /services/authentication/users | stats values(roles) as Roles by user

1	\| rest /services/authentication/users \| stats values(roles) as Roles by user

*Admin Notes*
I’ve found the following query to work better in my environment:

| rest /services/authentication/users | stats values(roles) as Roles by title

1	\| rest /services/authentication/users \| stats values(roles) as Roles by title

Share This:

Tagged: _audit _internal admin REST splunk on splunk

Leave A Comment? Click here to cancel reply.

Newest | Active

jwalthour

active 4 days ago
SplunkNinja

active 5 days, 21 hours ago
Ричард

active 1 week, 1 day ago
mselvamoorthy

active 1 week, 2 days ago
husyvy

active 1 week, 3 days ago