Is there an easy way to work out who has run queries or dashboards on Splunk and obtain contact information e.g. e-mail addresses
we are moving from one splunk environment to another, and would like to be able to identify users still using the old environment, and what they are accessing.
Use the audit index.
index=_audit action=search user=*