With multiple admins in our Splunk Cloud, we'd like to see any changes made that have a global or app wide impact.

Example: I just deleted a field alias (was: csUserAgent_ == httpuseragent).

Searching _audit and _internal for either of those terms, the only results I can find is searches - I can't actually find the event where it was deleted.