I am mostly new to Splunk but certainly the most well-versed member on my team. I was recently reprimanded by my company's Big Data leadership for "abusing the system" by running "25 queries with index=*" and that I should know what indexes I am working within...
Here's the deal.. I never ran 25 queries with index=*... at most my team has four total indexes so there wouldn't be much of a reason.
My question is this - since I created a dashboard for my team - is it possible someone else ran the queries through my dashboard (say by inspecting a panel) and it registered to my user account?
I currently have my group set to read-only permissions. Thoughts?