List all current users.

Parameters

ParameterDescription
CountThe maximum number of results to return. If value is set to 0, then all available results are returned.
OffsetThe first result (inclusive) from which to begin returning data. This value is 0-indexed. Default value is 0. In 4.1+, negative offsets are allowed and are added to count to compute the absolute offset (for example, offset=-1 is the last available offset). Offsets in the results are always absolute and never negative.

Example Output

{
	"links": {
		"create": "/services/authentication/users/_new"
	},
	"origin": "/services/authentication/users",
	"updated": "2023-01-15T10:34:32+02:00",
	"generator": {
		"build": "dd0128b1f8cd",
		"version": "9.0.3"
	},
	"entry": [
		{
			"name": "example",
			"id": "/services/authentication/users/example",
			"updated": "1970-01-01T02:00:00+02:00",
			"links": {
				"alternate": "/services/authentication/users/example",
				"list": "/services/authentication/users/example",
				"edit": "/services/authentication/users/example"
			},
			"author": "system",
			"acl": {
				"app": "",
				"can_list": true,
				"can_write": true,
				"modifiable": false,
				"owner": "system",
				"perms": {
					"read": [
						"*"
					],
					"write": [
						"*"
					]
				},
				"removable": false,
				"sharing": "system"
			},
			"content": {
				"capabilities": [
					"accelerate_datamodel",
					"accelerate_search",
					"admin_all_objects",
					"apps_backup",
					"apps_restore",
					"change_authentication",
					"change_own_password",
					"delete_messages",
					"dispatch_rest_to_indexers",
					"edit_authentication_extensions",
					"edit_bookmarks_mc",
					"edit_cmd",
					"edit_deployment_client",
					"edit_deployment_server",
					"edit_dist_peer",
					"edit_encryption_key_provider",
					"edit_field_filter",
					"edit_forwarders",
					"edit_global_banner",
					"edit_health",
					"edit_httpauths",
					"edit_indexer_cluster",
					"edit_indexerdiscovery",
					"edit_ingest_rulesets",
					"edit_input_defaults",
					"edit_kvstore",
					"edit_local_apps",
					"edit_log_alert_event",
					"edit_manager_xml",
					"edit_metric_schema",
					"edit_metrics_rollup",
					"edit_modinput_logd",
					"edit_monitor",
					"edit_own_objects",
					"edit_restmap",
					"edit_roles",
					"edit_scripted",
					"edit_search_concurrency_all",
					"edit_search_head_clustering",
					"edit_search_schedule_priority",
					"edit_search_schedule_window",
					"edit_search_scheduler",
					"edit_search_server",
					"edit_server",
					"edit_server_crl",
					"edit_sourcetypes",
					"edit_splunktcp",
					"edit_splunktcp_ssl",
					"edit_splunktcp_token",
					"edit_statsd_transforms",
					"edit_tcp",
					"edit_tcp_stream",
					"edit_telemetry_settings",
					"edit_token_http",
					"edit_tokens_all",
					"edit_tokens_own",
					"edit_tokens_settings",
					"edit_udp",
					"edit_upload_and_index",
					"edit_user",
					"edit_view_html",
					"edit_web_features",
					"edit_web_settings",
					"edit_workload_policy",
					"edit_workload_pools",
					"edit_workload_rules",
					"embed_report",
					"export_results_is_visible",
					"fsh_manage",
					"fsh_search",
					"get_diag",
					"get_metadata",
					"get_typeahead",
					"indexes_edit",
					"input_file",
					"install_apps",
					"license_edit",
					"license_tab",
					"license_view_warnings",
					"list_accelerate_search",
					"list_all_objects",
					"list_cascading_plans",
					"list_deployment_client",
					"list_deployment_server",
					"list_dist_peer",
					"list_forwarders",
					"list_health",
					"list_httpauths",
					"list_indexer_cluster",
					"list_indexerdiscovery",
					"list_ingest_rulesets",
					"list_inputs",
					"list_introspection",
					"list_metrics_catalog",
					"list_pipeline_sets",
					"list_remote_input_queue",
					"list_remote_output_queue",
					"list_search_head_clustering",
					"list_search_scheduler",
					"list_settings",
					"list_storage_passwords",
					"list_token_http",
					"list_tokens_all",
					"list_tokens_own",
					"list_workload_policy",
					"list_workload_pools",
					"list_workload_rules",
					"merge_buckets",
					"metric_alerts",
					"never_expire",
					"never_lockout",
					"output_file",
					"pattern_detect",
					"read_internal_libraries_settings",
					"refresh_application_licenses",
					"request_remote_tok",
					"rest_access_server_endpoints",
					"rest_apps_management",
					"rest_apps_view",
					"rest_properties_get",
					"rest_properties_set",
					"restart_reason",
					"restart_splunkd",
					"rtsearch",
					"run_collect",
					"run_commands_ignoring_field_filter",
					"run_custom_command",
					"run_debug_commands",
					"run_dump",
					"run_mcollect",
					"run_msearch",
					"run_sendalert",
					"schedule_rtsearch",
					"schedule_search",
					"search",
					"search_process_config_refresh",
					"select_workload_pools",
					"splunk_assist_admin",
					"upload_lookup_files",
					"upload_mmdb_files",
					"use_file_operator",
					"use_remote_proxy",
					"web_debug"
				],
				"defaultApp": "launcher",
				"defaultAppIsUserOverride": false,
				"defaultAppSourceRole": "system",
				"eai:acl": null,
				"email": "example@blinkops.com",
				"lang": "",
				"last_successful_login": 1673771672,
				"locked-out": false,
				"password": "********",
				"realname": "Administrator",
				"restart_background_jobs": null,
				"roles": [
					"admin"
				],
				"search_assistant": "compact",
				"search_auto_format": false,
				"search_line_numbers": false,
				"search_syntax_highlighting": "light",
				"search_use_advanced_editor": true,
				"theme": "enterprise",
				"type": "Splunk",
				"tz": ""
			}
		}
	],
	"paging": {
		"total": 1,
		"perPage": 30,
		"offset": 0
	},
	"messages": []
}

Workflow Library Example

List Users with Splunk and Send Results Via Email

Preview this Workflow on desktop

Was this page helpful?