Show Searches with Details (Who | When | What)

The following Splunk search will show a list of searches run on a Splunk server with the following details:

- Who ran the search
- What sourcetype was used
- What index was used
- What the search string was
- When the search was last run


List All Splunk Users & Associated Roles

The following Splunk query will show a table of all users and their roles:

*Admin Notes* I’ve found the following query to work better in my environment:


Index Modifications

This Splunk query should show which users attempted to modify an index and whether that action was successful:
