Solved: Re: Query To Identify Who Has Exported Data

IRHM73 · ‎03-22-2017

Hi, I wonder whether someone may be able to help me please.

I've tried for a few days to find a solution online bus so far I've been unsuccessful, but could someone tell me please, is there a query which I could to see who has exported Splunk data?

Many thanks and kind regards

Chris

andrey2007 · ‎03-22-2017

May be this query will help you

index=_internal file=export | table file user uri_path

View solution in original post

rewritex · ‎03-22-2017

I exported a .csv using a specific name and searched for the name. I found the results using index=_internal filename=* . I'm on Splunk 6.5.2

IRHM73 · ‎03-23-2017

Hi @rewritex, thank you for taking the time to come back to me with this. The solution from @audrey2007 was slightly more what I was looking for.

Many thanks and kind regards

Chris

andrey2007 · ‎03-22-2017

May be this query will help you

index=_internal file=export | table file user uri_path

IRHM73 · ‎03-23-2017

Hi @audrey2007, thank you for taking the time to come back to me with this. It works perfectly.

Regards

Chris

Query To Identify Who Has Exported Data

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!