Ad slot: top
GoSplunk SPL + dashboard repository
Log in Register

SPL

Index Modifications

_internal

Description

Submitted by john117

This Splunk query should show which users attempted to modify an index and if that action was successful:
1 1 
index=_audit user=* action=indexes_edit | stats count by index info user action

Comments

0 total

Be the first to comment on this SPL.

Leave a comment

You must log in to post a comment.

Ad slot: bottom