Want to get a list of REST API users and their IPs?
Run this search
Splunk SPL to get a list of REST API users and their IPs
user != "-"
clientip != "IP_of_SH1" clientip != "IP_of_SH2" clientip != "IP_of_SH3"
| stats values(clientip) by user
The limitation is that if users connect through a load balancer, you will see the load balancer's IP as the clientip.
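The same aggregation can be run offline over raw access-log lines, and it can go one step further than the search by flagging IPs shared by several users, which is how a load balancer shows up in the results. This is an added example, not part of the original page: the log layout (taken here to be splunkd_access.log), the sample events, the search-head IPs and the function names are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed event layout: clientip ident user [timestamp] "request" status ...
LINE_RE = re.compile(
    r'^(?P<clientip>\S+) \S+ (?P<user>\S+) \[[^\]]*\] "(?P<request>[^"]*)" (?P<status>\d{3})')

# Placeholder search-head addresses (stand-ins for IP_of_SH1..3 in the search).
SEARCH_HEADS = {"10.0.0.11", "10.0.0.12", "10.0.0.13"}

# Constructed sample events using documentation-range IPs, not real log data.
SAMPLE = [
    '10.0.0.11 - splunk-system-user [12/Mar/2024:10:15:30.101 +0000] "GET /services/server/info HTTP/1.1" 200 1840',
    '192.0.2.50 - alice [12/Mar/2024:10:16:02.440 +0000] "POST /services/search/jobs HTTP/1.1" 201 312',
    '192.0.2.51 - alice [12/Mar/2024:11:02:19.007 +0000] "GET /services/search/jobs HTTP/1.1" 200 5120',
    '198.51.100.7 - bob [12/Mar/2024:11:05:41.250 +0000] "GET /services/saved/searches HTTP/1.1" 200 9021',
    '198.51.100.7 - carol [12/Mar/2024:11:06:13.903 +0000] "POST /services/search/jobs HTTP/1.1" 201 298',
    '198.51.100.7 - dave [12/Mar/2024:11:09:55.018 +0000] "GET /services/data/indexes HTTP/1.1" 200 4410',
    '203.0.113.9 - - [12/Mar/2024:11:10:02.731 +0000] "GET /services/server/info HTTP/1.1" 401 130',
    'truncated line with no fields',
]

def users_to_ips(lines, search_heads):
    """Mirror the search: drop user "-" and search-head IPs, then list IPs per user."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed or truncated events
        user, ip = m["user"], m["clientip"]
        if user == "-" or ip in search_heads:
            continue
        seen[user].add(ip)
    return {user: sorted(ips) for user, ips in sorted(seen.items())}

def probable_proxies(user_ips, min_users=3):
    """IPs shared by at least min_users users: likely a load balancer, not a client."""
    by_ip = defaultdict(set)
    for user, ips in user_ips.items():
        for ip in ips:
            by_ip[ip].add(user)
    return {ip: sorted(users) for ip, users in by_ip.items() if len(users) >= min_users}

if __name__ == "__main__":
    mapping = users_to_ips(SAMPLE, SEARCH_HEADS)
    for user, ips in mapping.items():
        print(user, ips)
    print("shared IPs:", probable_proxies(mapping))
```

For any IP reported as shared, the real client address has to come from the load balancer's own logs.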