All Apps and Add-ons

Google Apps for Splunk: How to track google file ownership changes?

summitsplunk
Communicator

My current search looks like this:

index=smt_gsuite sourcetype=gapps:report:drive "events{}.name"=change_user_access | stats count by actor.email,events{}.parameters{}.owner,events{}.parameters{}.target_user

This query seems to show me the person who initiated the access change, the owner of the file and the user who now has access to the file.

What I cant seem to figure out how to do is specifically write a search that shows "ownership changes" to files not just access changes.

Has anyone used the gsuite for splunk app and been able to write a search that shows ownership changes?

0 Karma
Get Updates on the Splunk Community!

Splunk Education - Fast Start Program!

Welcome to Splunk Education! Splunk training programs are designed to enable you to get started quickly and ...

Five Subtly Different Ways of Adding Manual Instrumentation in Java

You can find the code of this example on GitHub here. Please feel free to star the repository to keep in ...

New Splunk APM Enhancements Help Troubleshoot Your MySQL and NoSQL Databases Faster

Splunk Observability has two new enhancements to make it quicker and easier to troubleshoot slow or frequently ...