Splunk search for Indexes Created by Users

index=_internal sourcetype=splunk_python action="handleCreate" | stats latest(_time) as _time by loginUsername indexName
This search will return a table showing which users created which indexes in the time period searched.

Category: Admin

Tags: Admin indexes audit administration index creation index
