Archive

How to get the audit logs for saved searches and dashboards?

gkumarashanmuga
Explorer

Hi Team,

Recently we have observed few of our scheduled searches has been disabled(also summary indexing disabled). Is it possible to have an audit for the users who has done the changes?

Tags (1)
0 Karma

iamarkaprabha
Contributor

Hi ,

You can try this also
| rest /services/saved/searches | where is_scheduled=1

maciep
Champion

I'm guessing that would be in the _audit index? Maybe check out What Splunk Logs About Itself

0 Karma