Does Splunk monitor it self in ways of a user, no matter what role, has been editing or deleting any views?
with auditing enabled, every interaction with Splunk -- search, configuration changes, etc -- generates an audit event in the index=_audit. Here is a list of activities that generate audit events:
Read more about auditing in the docs
hope this helps ...
View solution in original post