List Users
List all current users.
Parameters
| Parameter | Description |
|---|---|
| Count | The maximum number of results to return. If value is set to 0, then all available results are returned. |
| Offset | The first result (inclusive) from which to begin returning data. This value is 0-indexed. Default value is 0. In 4.1+, negative offsets are allowed and are added to count to compute the absolute offset (for example, offset=-1 is the last available offset). Offsets in the results are always absolute and never negative. |
Example Output
{
"links": {
"create": "/services/authentication/users/_new"
},
"origin": "/services/authentication/users",
"updated": "2023-01-15T10:34:32+02:00",
"generator": {
"build": "dd0128b1f8cd",
"version": "9.0.3"
},
"entry": [
{
"name": "example",
"id": "/services/authentication/users/example",
"updated": "1970-01-01T02:00:00+02:00",
"links": {
"alternate": "/services/authentication/users/example",
"list": "/services/authentication/users/example",
"edit": "/services/authentication/users/example"
},
"author": "system",
"acl": {
"app": "",
"can_list": true,
"can_write": true,
"modifiable": false,
"owner": "system",
"perms": {
"read": [
"*"
],
"write": [
"*"
]
},
"removable": false,
"sharing": "system"
},
"content": {
"capabilities": [
"accelerate_datamodel",
"accelerate_search",
"admin_all_objects",
"apps_backup",
"apps_restore",
"change_authentication",
"change_own_password",
"delete_messages",
"dispatch_rest_to_indexers",
"edit_authentication_extensions",
"edit_bookmarks_mc",
"edit_cmd",
"edit_deployment_client",
"edit_deployment_server",
"edit_dist_peer",
"edit_encryption_key_provider",
"edit_field_filter",
"edit_forwarders",
"edit_global_banner",
"edit_health",
"edit_httpauths",
"edit_indexer_cluster",
"edit_indexerdiscovery",
"edit_ingest_rulesets",
"edit_input_defaults",
"edit_kvstore",
"edit_local_apps",
"edit_log_alert_event",
"edit_manager_xml",
"edit_metric_schema",
"edit_metrics_rollup",
"edit_modinput_logd",
"edit_monitor",
"edit_own_objects",
"edit_restmap",
"edit_roles",
"edit_scripted",
"edit_search_concurrency_all",
"edit_search_head_clustering",
"edit_search_schedule_priority",
"edit_search_schedule_window",
"edit_search_scheduler",
"edit_search_server",
"edit_server",
"edit_server_crl",
"edit_sourcetypes",
"edit_splunktcp",
"edit_splunktcp_ssl",
"edit_splunktcp_token",
"edit_statsd_transforms",
"edit_tcp",
"edit_tcp_stream",
"edit_telemetry_settings",
"edit_token_http",
"edit_tokens_all",
"edit_tokens_own",
"edit_tokens_settings",
"edit_udp",
"edit_upload_and_index",
"edit_user",
"edit_view_html",
"edit_web_features",
"edit_web_settings",
"edit_workload_policy",
"edit_workload_pools",
"edit_workload_rules",
"embed_report",
"export_results_is_visible",
"fsh_manage",
"fsh_search",
"get_diag",
"get_metadata",
"get_typeahead",
"indexes_edit",
"input_file",
"install_apps",
"license_edit",
"license_tab",
"license_view_warnings",
"list_accelerate_search",
"list_all_objects",
"list_cascading_plans",
"list_deployment_client",
"list_deployment_server",
"list_dist_peer",
"list_forwarders",
"list_health",
"list_httpauths",
"list_indexer_cluster",
"list_indexerdiscovery",
"list_ingest_rulesets",
"list_inputs",
"list_introspection",
"list_metrics_catalog",
"list_pipeline_sets",
"list_remote_input_queue",
"list_remote_output_queue",
"list_search_head_clustering",
"list_search_scheduler",
"list_settings",
"list_storage_passwords",
"list_token_http",
"list_tokens_all",
"list_tokens_own",
"list_workload_policy",
"list_workload_pools",
"list_workload_rules",
"merge_buckets",
"metric_alerts",
"never_expire",
"never_lockout",
"output_file",
"pattern_detect",
"read_internal_libraries_settings",
"refresh_application_licenses",
"request_remote_tok",
"rest_access_server_endpoints",
"rest_apps_management",
"rest_apps_view",
"rest_properties_get",
"rest_properties_set",
"restart_reason",
"restart_splunkd",
"rtsearch",
"run_collect",
"run_commands_ignoring_field_filter",
"run_custom_command",
"run_debug_commands",
"run_dump",
"run_mcollect",
"run_msearch",
"run_sendalert",
"schedule_rtsearch",
"schedule_search",
"search",
"search_process_config_refresh",
"select_workload_pools",
"splunk_assist_admin",
"upload_lookup_files",
"upload_mmdb_files",
"use_file_operator",
"use_remote_proxy",
"web_debug"
],
"defaultApp": "launcher",
"defaultAppIsUserOverride": false,
"defaultAppSourceRole": "system",
"eai:acl": null,
"email": "example@blinkops.com",
"lang": "",
"last_successful_login": 1673771672,
"locked-out": false,
"password": "********",
"realname": "Administrator",
"restart_background_jobs": null,
"roles": [
"admin"
],
"search_assistant": "compact",
"search_auto_format": false,
"search_line_numbers": false,
"search_syntax_highlighting": "light",
"search_use_advanced_editor": true,
"theme": "enterprise",
"type": "Splunk",
"tz": ""
}
}
],
"paging": {
"total": 1,
"perPage": 30,
"offset": 0
},
"messages": []
}
Workflow Library Example
List Users with Splunk and Send Results Via Email
Preview this Workflow on desktop