Show all currently logged in users

REST
ItsJohnLocke
1 Comment
You already voted!

Use this Splunk rest query to list all currently logged in users (to your Splunk server).

| rest /services/authentication/current-context | search NOT username=”splunk-system-user” | table username roles updated

Share This:

Tagged: REST splunk users

Comments

Mark May 15, 2019 at 6:33 am

I am not sure what updated is supposed to do… but, it looked like something close to epoc time? Anyway, I cut it off and the query looked cleaner?

Reply

Leave A Comment? Click here to cancel reply.

Newest | Active

Rituparna kar

Active 2 hours, 39 minutes ago
Iryna

Active 1 day ago
tenderpale6

Active 1 day, 7 hours ago
theproducer

Active 1 day, 12 hours ago
selljacket4

Active 1 day, 21 hours ago