Solved: Re: Query To Identify Who Has Exported Data

IRHM73 · ‎03-22-2017

Hi, I wonder whether someone may be able to help me please.

I've tried for a few days to find a solution online bus so far I've been unsuccessful, but could someone tell me please, is there a query which I could to see who has exported Splunk data?

Many thanks and kind regards

Chris

andrey2007 · ‎03-22-2017

May be this query will help you

index=_internal file=export | table file user uri_path

View solution in original post

rewritex · ‎03-22-2017

I exported a .csv using a specific name and searched for the name. I found the results using index=_internal filename=* . I'm on Splunk 6.5.2

IRHM73 · ‎03-23-2017

Hi @rewritex, thank you for taking the time to come back to me with this. The solution from @audrey2007 was slightly more what I was looking for.

Many thanks and kind regards

Chris

andrey2007 · ‎03-22-2017

May be this query will help you

index=_internal file=export | table file user uri_path

IRHM73 · ‎03-23-2017

Hi @audrey2007, thank you for taking the time to come back to me with this. It works perfectly.

Regards

Chris

Query To Identify Who Has Exported Data

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...