Splunk search for Searches by user
Copy
index=_audit search=* NOT (search_id='scheduler* OR search_id='Summary*) | timechart span=1d count by user usenull=f
This Splunk search will provide a count of the number of searches run by each Splunk user per day over the timeframe selected.
0 comments
[0]
[0]
[0]
[0]
Sign in or Register to submit a comment