Splunk search for Modifications to indexes

index=_audit user=* action=indexes_edit | stats count by user, info, index, action | fields - count
This search returns every recorded change to a Splunk index. For each change it lists the user who made it, whether it was successful, which index was changed, and what the action was.

Category: General Splunk

Tags: audit indexes
