Solved: Re: Query To Identify Who Has Exported Data

IRHM73 · ‎03-22-2017

Hi, I wonder whether someone may be able to help me please.

I've tried for a few days to find a solution online bus so far I've been unsuccessful, but could someone tell me please, is there a query which I could to see who has exported Splunk data?

Many thanks and kind regards

Chris

andrey2007 · ‎03-22-2017

May be this query will help you

index=_internal file=export | table file user uri_path

View solution in original post

rewritex · ‎03-22-2017

I exported a .csv using a specific name and searched for the name. I found the results using index=_internal filename=* . I'm on Splunk 6.5.2

IRHM73 · ‎03-23-2017

Hi @rewritex, thank you for taking the time to come back to me with this. The solution from @audrey2007 was slightly more what I was looking for.

Many thanks and kind regards

Chris

andrey2007 · ‎03-22-2017

May be this query will help you

index=_internal file=export | table file user uri_path

IRHM73 · ‎03-23-2017

Hi @audrey2007, thank you for taking the time to come back to me with this. It works perfectly.

Regards

Chris

Query To Identify Who Has Exported Data

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Casting Call: Compete in Cyber Games

Announcing Modern Navigation: A New Era of Splunk User Experience

How Edge Processor's Durable Queue Works

Join the Conversation

Query To Identify Who Has Exported Data

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Casting Call: Compete in Cyber Games

Announcing Modern Navigation: A New Era of Splunk User Experience

How Edge Processor's Durable Queue Works