ISbyR

Search

Skip to content

Nodes Observer
XRPL Servers Observer
About

Search for:

Monthly Archives: October 2019

Splunk – List REST API users and their IPs

October 17, 2019 Ilya Reshetnikov Leave a comment

Want to get a list REST API users and their IPs?

Run this search

index=_internal
host IN(SH1,SH2,SH3)
sourcetype=splunkd_access
user != "-"
clientip != "IP_of_SH1" clientip != "IP_of_SH2" clientip != “IP_of_SH3”
NOT TERM(127.0.0.1)
NOT TERM(splunk-system-user)
| stats values(clientip) by user

The limitation is if the users are going via a Load Balancer, you will see Load Balancer’s IP as the clientip

REST Splunk

If you would like to hear from me…

Email address

I consent to my submitted data being collected via this form

Leave this field empty if you're human:

Infrequent Smarts by Reshetnikov

Search for: