Create User
Create a user in Splunk Enterprise Security.
Input
| Field | Definition | Type | Required |
|---|---|---|---|
|
User |
|||
|
Username |
Username of the user. |
Text |
TRUE |
|
Email Address |
The email address of the user. |
Text |
FALSE |
|
Password |
The password of the user. It must meet minimum criteria. |
Text |
TRUE |
|
Full Name |
Name of the user. |
Text |
FALSE |
|
Default App |
User default app to be assigned for the user to be created. This setting overrides the default app inherited from the user roles.
|
Dropdown |
FALSE |
|
Should Force Change Pass |
If true, the user is prompted to change their password. |
True/False |
FALSE |
|
Should Restart Background Jobs |
If true, incomplete background search jobs that haven't completed are restarted when Splunk restarts. |
True/False |
FALSE |
|
Roles |
Roles to assign to the user. To assign multiple roles, pass in each role in the list.
You can create a user without any inputs to this field. In this case, a custom role with the format (user-{username}) is assigned automatically to the user. If the user is deleted after creation, the role isn't automatically deleted. |
List of Text |
FALSE |
|
Time zone |
Time zone of the user. |
Dropdown |
FALSE |
Output
| Field | Definition | Type |
|---|---|---|
|
User Details |
||
|
Username |
Username of the user. |
Text |
|
ID |
Unique identifier of the user. |
Text |
|
Author |
The user who executed the search for the user. By default, the author is System. |
Text |
|
Acl |
Access control system permissions for the user. |
Object |
|
Fields |
The required and optional fields for the user. |
Object |
|
Default App Source Role |
The role that determines the default app for the user if they have multiple roles. |
Text |
|
Display New Search Banner |
A global banner that remains visible to all users on all UI pages across the product. |
True/False |
|
Language |
The language of a log message or event. |
Text |
|
Last Successful Login |
The time stamp of the most recent successful login. |
Text |
|
Search Assistant |
The mode of the search assistant.
|
Text |
|
Search Auto Format |
The status of automatic formatting of search syntax. It's False by default. |
True/False |
|
Search Line Numbers |
Indicates whether the display of line numbers is on or off in the search bar. It's False by default. |
True/False |
|
Search Syntax Highlighting |
The current theme that's in place for the search bar. You can turn syntax highlighting colors off by changing the color theme to Black on White. This is useful for people who have difficulty distinguishing between different colors. |
Text |
|
Search Use Advanced Editor |
Indicates whether the advanced editor for search is on or off. |
True/False |
|
Theme |
The current search bar theme.
|
Text |
|
Capabilities |
List of capabilities assigned to the role. |
List of Text |
|
Default App |
The default app for the user. This setting overrides the default app inherited from the user role. |
Text |
|
Is Default App User Override |
Indicates whether the default app overrides the user-role default app. |
True/False |
|
Email Address |
The email address of the user. |
Text |
|
Is Locked Out |
Indicates whether the user is locked out. |
True/False |
|
Full Name |
Name of the user. |
Text |
|
Should Restart Background Jobs |
If true, incomplete background search jobs that haven't completed are restarted when Splunk restarts. |
True/False |
|
Roles |
Role to assign to the user. To assign multiple roles, pass in each role in the list.
|
List of Text |
|
Type |
Displays one of the following user authentication system types:
|
Text |
|
Time zone |
Time zone of the user. |
Text |
|
Raw Output |
Raw payload returned from the Splunk Enterprise Security API. |
Object |
Related topics
Splunk Enterprise Security connector
Cards in flows