We want to restrict certain usergroups possibility to search in Splunk based on a dynamic parameter
For instance Merchant group A should have this search restriction: index=business-events merchantid=1 Merchant group B should have this search restriction: index=business-events merchantid=2
Could this be done using this search restriction: index=business-events merchantid={currentuser.merchantid}
Could this be done through a database lookup?