Solved: Splunk 5.0.5, Does Splunk logs object deletion act...

somesoni2 · ‎01-08-2014

Hi,

We have a shared development environment for Splunk (version 5.0.5) where many users do create/updated/delete Splunk objects (e.g. saved searches/views/lookups etc).

Does Splunk logs any information in any internal logs for who created (not imp at this point)/deleted (this is what I want to know for sure)/updated any of the objects? Something like auditing Splunk Web activities.

Appreciate your help.

rahulroy_splunk · ‎01-08-2014

This seems to be working for deleted items.

index=_internal sourcetype=splunkd_access method="DELETE"

I'm too looking for "UPDATE" but no luck so far.

View solution in original post

rahulroy_splunk · ‎01-08-2014

This seems to be working for deleted items.

index=_internal sourcetype=splunkd_access method="DELETE"

I'm too looking for "UPDATE" but no luck so far.

Splunk 5.0.5, Does Splunk logs object deletion activity from Splunk Web ?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

Developer Spotlight with Mika Borner

Continue Your Federation Journey: Join Session 3 of the Bootcamp Series

Join the Conversation