I have inherited a splunk distributed deployment which is a bit of a train wreck.
Does anyone know of a way to identify indexes that no one has searched for a long time?
Or how to identify reports that no one has run for a long time or that are not scheduled?
Someone already developed a dashboard and posted it here for that purpose :
You can also use app such as search activity to see what's being used the most and reverse the search to get what's being used the least :
Another useful link to see dashboard usage here :
Lots of resources about this. You can even leverage the MC to get more insight one what's happening.
Let me know if there's a specific query you're looking to build in addition to all that.