With multiple admins in our Splunk Cloud, we'd like to see any changes made that have a global or app wide impact.
Example: I just deleted a field alias (was: cs_User_Agent_ == http_user_agent).
Searching _audit and _internal for either of those terms, the only results I can find is searches - I can't actually find the event where it was deleted.