- Splunk Answers
- :
- Splunk Administration
- :
- Security
- :
- Determine currently logged in username
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Determine currently logged in username
How do I determine the username of the currently logged in user from a python script? Elsewhere we are using scripted auth and that python script has several methods that Splunk calls and passes in the username; each method makes a HTTP POST to a REST API running on one of our servers. We need to use a similar approach to what we do in scripted auth's getUserInfo method, but have it be invoked from a custom command (defined in commands.conf), which means that the username won't be passed in. I assume that there is some way to get the current username, just haven't been able to find it yet. Thanks for any pointers,
Tom
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can extract it from the auth token.
First, in the definition of your search command in commands.conf, set
[yourcommand]
filename = yourcommand.py
passauth = true
Your script will then receive a token that looks like:
<auth>
<userId>admin</userId>
<username>admin</username>
<authToken>cbd900f3b28014a1e233679d05dcd805</authToken>
</auth>
(Note: The auth token will actually be in a single line with no whitespace. The above formatting is only for readability.)
Once you have that, it's just a matter of extracting the username from the string. For example, if you're using InterSplunk:
import splunk.Intersplunk as si
results, dummyresults, settings = si.getOrganizedResults()
authString = settings.get("authString", None)
if authString != None:
start = authString.find('<userId>') + 8
stop = authString.find('</userId>')
user = authString[start:stop]
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Is there any pre-req in order to use the above script? I inserted to my .py and return error code 1.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It looks like settings["owner"] will directly gives the user ID.
import splunk.Intersplunk
results, dummyresults, settings = splunk.Intersplunk.getOrganizedResults()
splunk.Intersplunk.outputResults([{"user": settings["owner"]}])
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Did you try the cherrypy session object?
import cherrypy
user = cherrypy.session['user'].get('name')
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I tried your method, but received an error. Any ideas on the following?
AttributeError: 'module' object has no attribute 'session'
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
BTW, we are currently on Splunk 4.1.4 in case that changes things
More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk
.conf24 | Personalize your .conf experience with Learning Paths!
Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...
