Splunk search for Users Running All Time Searches
Copy
index=_audit action=search info=completed search_et="N/A" search_lt="N/A" user!=splunk-system-user | stats count by user
This search will show the number of all time searches that each user in your environment has run within the time range searched.
0 comments
[0]
[0]
[0]
[0]
Sign in or Register to submit a comment