How to get the audit logs for saved searches and dashboards?

Hi Team,

Recently we have observed few of our scheduled searches has been disabled(also summary indexing disabled). Is it possible to have an audit for the users who has done the changes?

Tags (1)
0 Karma


Hi ,

You can try this also
| rest /services/saved/searches | where is_scheduled=1


I'm guessing that would be in the _audit index? Maybe check out What Splunk Logs About Itself

0 Karma