Splunk search for User activity for DB Connect App
Copy
index=_audit sourcetype=audittrail action="db_connect*" | eval Date=strftime(_time, "%b %d, %Y") |rex field=_raw "user=(?<user>\w+)," | stats count as Count by Date, user, info, action
This Splunk search will provide details on actions that Splunk users have taken within the DB Connect app. The search will show what action was taken, which user took the action, how many times the action was taken and when it occurred.
0 comments
[0]
[0]
[0]
[0]
Sign in or Register to submit a comment