Splunk Search for Apps and Views that Users are Accessing Copy
index=_internal earliest=@d latest=now | stats latest(_time) as _time, values(view) as view, values(app) as app, values(uri) as uri by user
0 comments
Splunk Search for Recently Active Users Copy
index=_internal earliest=-5m latest=now sourcetype=splunk_web_access user!="internal_monitoring" user!="-" | stats count by user | fields - count
0 comments
Splunk Search for List of Users by Splunk Role Copy
| rest splunk_server=local /services/authentication/users | table title roles
0 comments