SPL
Show all successful Splunk configuration changes by user
Description
index=_audit action=edit* info=granted operation!=list host=* object=*
| transaction action user operation host maxspan=30s
| stats values(action) as action values(object) as modified_object by _time,operation,user,host
| rename user as modified_by
| table _time action modified_object modified_by