Reports Owned by Admin Users and Writable by Others


I got a little fancy there with 

. The link is for clicking from the inline table of the alert email. You can easily skip that.

Continue Reading →

Disk Usage per Index by Indexer

Summary: Instead of grabbing data from all time, using the dbinspect command will allow administrators to quickly determine how big an index is.  There are additional fields in the dbinspect, so explore that to gain other data pivots.  

Continue Reading →

Show Searches with Details (Who | When | What)

The following Splunk search will show a list of searches ran on a splunk server with the following details: Who ran the search What sourcetype was used What index was used What the search string was When the search was last ran

Continue Reading →

List All Splunk Users & Associated Roles

The following Splunk query will show a table of all users and their roles:

*Admin Notes* I’ve found the following query to work better in my environment:

Continue Reading →

Index Modifications

This Splunk query should show which users attempted to modify an index and if that action was successful:

Continue Reading →