``` Connection inventory: DB Connect connections that are referenced by at least one enabled input (disabled=0). ```
``` The subsearch reads conf-db_inputs, reduces it to the distinct connection values, renames that field to title, and uses format to build the filter applied to conf-db_connections. ```
``` splunk_server=local restricts both REST calls to the instance running the search, so connections defined on other instances are not listed. ```
``` Output columns: title, connection_type, database, host, identity, port (which databases are reachable, and under which identity). ```
``` NOTE(review): connections used only by outputs or lookups are not matched by this filter; only conf-db_inputs is consulted. ```
| rest splunk_server=local /servicesNS/-/splunk_app_db_connect/configs/conf-db_connections | search [ | rest splunk_server=local /servicesNS/-/splunk_app_db_connect/configs/conf-db_inputs | search disabled=0 | stats count by connection | fields - count | rename connection as title | format ] | table title connection_type database host identity port
``` Dumps every DB Connect input stanza from the local instance with all returned fields; no disabled filter is applied, so enabled and disabled inputs both appear. ```
``` The - in /servicesNS/-/ is the wildcard user namespace; splunk_app_db_connect is the app context. ```
``` NOTE(review): input stanzas presumably carry the SQL text of each input; confirm and treat the output as sensitive configuration data. ```
| rest splunk_server=local /servicesNS/-/splunk_app_db_connect/configs/conf-db_inputs
``` Maps each DB Connect identity to the enabled connections that use it, so the database account behind every connection is visible. ```
| rest splunk_server=local /servicesNS/-/splunk_app_db_connect/configs/conf-identities
``` The identity name is renamed to user_title; presumably this keeps it distinct from the connection's own title field shown in the final table. ```
| rename title as user_title
``` map runs the bracketed search once per identity row; the user_title, username and domain_name tokens are filled from that row. ```
``` Only connections with disabled=0 whose identity equals the identity name are kept; username and domain_name are copied onto each match. ```
``` NOTE(review): map stops after maxsearches searches (default 10), so with more identities than that the report is incomplete; set maxsearches explicitly. ```
``` NOTE(review): token values are substituted into the search string unescaped; an identity name containing a double quote would break the filter. Confirm the naming rules. ```
| map [ | rest splunk_server=local /servicesNS/-/splunk_app_db_connect/configs/conf-db_connections | search disabled=0 AND identity="$user_title$" | eval username="$username$", domain_name="$domain_name$" ]
``` Only non-secret identity attributes are projected; no password field is included in the output. ```
| table title connection_type database host identity username domain_name
``` Dumps every DB Connect identity stanza from the local instance with all returned fields. ```
``` NOTE(review): identity stanzas may include the stored (encrypted) password value; confirm which fields the endpoint returns and restrict the output with table or fields before exporting or sharing results. ```
| rest splunk_server=local /servicesNS/-/splunk_app_db_connect/configs/conf-identities
``` Dumps every DB Connect connection stanza from the local instance with all returned fields; no disabled filter is applied, so enabled and disabled connections both appear. ```
| rest splunk_server=local /servicesNS/-/splunk_app_db_connect/configs/conf-db_connections
``` Audit trail of ad-hoc queries run through DB Connect: who ran which SQL statement, and when. ```
``` Reads audittrail events with action=db_connect_execute_query, extracts the text after SELECT from the REST path in _raw, and URL-decodes it into Query. ```
``` NOTE(review): the rex matches the literal uppercase SELECT only. Events for other statements (UPDATE, DELETE, lowercase select, ...) still appear in the table but with an empty Query, so an empty cell does not mean an empty statement. ```
``` NOTE(review): the trailing part of the pattern depends on the exact layout of the audit event; verify it against current events, because a format change makes the extraction fail silently. ```
``` NOTE(review): requires read access to index=_audit; the time range comes from the search time picker. ```
index=_audit sourcetype=audittrail action="db_connect_execute_query" | rex field=_raw "\sREST:\s\/db_connect\/query\/.+SELECT(?<Query>.+)].\w\S\w]" | eval Query=urldecode(Query) | table timestamp user Query