Hi All,
I am searching for data in the index for searches which users executed with the time range "All Time".
index=_audit search_et="N/A" search_lt="N/A" user!="splunk-system-user"
I got events with the following fields:
And many others.
I need your help and guidance on seeking details about the fields fetched by the _audit index.
Thank you
Based on the findings so far, I could understand the following details on the fields listed in the thread description:
In case anyone can share their inputs to better understand the above points or share information about the fields which I could not document, it would be very helpful.
Thank you
Hi @somesoni2,
I found you had answered a similar question in 2013: https://community.splunk.com/t5/Splunk-Search/Identify-users-and-searches-searching-over-all-time/td...
Thus, it would be very helpful if you could share your inputs on understanding the fields returned by events of the index: _audit.
Thank you
Hi @Azeemering,
I read your response on the thread https://community.splunk.com/t5/Monitoring-Splunk/audit-command-in-splunk/m-p/225849 about the usage of the index _audit.
It would be very helpful if you could help by sharing your inputs on the fields returned by the index.
Thank you