- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- help with splunk query for getting current concurr...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
help with splunk query for getting current concurrency configs & utlization and role utilization
I am trying to setup a dashboard which gives me details like user's current concurrency settings & roles utilization , if someone has implemented this kind of dashboard please help
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Are you interest in this user info in context of the users for your Splunk environment, or are you looking at some other data to analyze the users?
For Splunk, you can start with SPL that will query the REST interface, like this:
| rest /services/authentication/users
If you want information on a particular user (e.g. fred), you can specify that name in the REST call like this:
| rest /services/authentication/users/fredYou can get a lot of info on what capabilities they have and other metadata about that user.
More info here.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@_JP
on current setting part i am kind of good with below query
| rest splunk_server=local /services/authentication/users
| fields title, roles
| mvexpand roles
| append [ | rest splunk_server=local /services/authorization/roles
| fields title srchDiskQuota rtSrchJobsQuota srchJobsQuota cumulativeSrchJobsQuota cumulativeRTSrchJobsQuota
| rename title as roles]
| stats values(srchDiskQuota) as srchDiskQuota, values(rtSrchJobsQuota) as rtSrchJobsQuota, values(srchJobsQuota) as srchJobsQuota, values(cumulativeSrchJobsQuota) as cumulativeSrchJobsQuota, values(title) as userid, values(cumulativeRTSrchJobsQuota) AS cumulativeRTSrchJobsQuota by roles
| mvexpand userid
| stats values(srchDiskQuota) as srchDiskQuota, values(rtSrchJobsQuota) as rtSrchJobsQuota, values(srchJobsQuota) as srchJobsQuota, values(cumulativeSrchJobsQuota) as cumulativeSrchJobsQuota,values(cumulativeRTSrchJobsQuota) AS cumulativeRTSrchJobsQuota by userid roles
just want to get details on current utilization by user/role & more of search concurrency settings (resource utilization etc)
Introducing the Splunk Community Dashboard Challenge!
Get the T-shirt to Prove You Survived Splunk University Bootcamp
Wondering How to Build Resiliency in the Cloud?
