Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How can I audit changes made to Splunk Role Index access?

nthornbury
Explorer
‎07-05-2017 02:07 PM

Can someone point me in the right direction to find info concerning auditing Splunk Cloud role changes? Specifically, I need to find out who/when an index access change occurred for a role in our Splunk Cloud deployment. I have tried searching the audit index, yet I don't get any info that says: `this user account________ on this date__________ modified the index access list for this role________`?

Thank you.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

nthornbury
Explorer
‎06-18-2018 06:57 AM

Problem Solved.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

nthornbury
Explorer
‎08-13-2018 05:42 AM

Peter,

I developed a report that runs each week, and sends me the reults fo the following search string:

index=_audit source=audittrail operation=edit action!=search action=edit_roles

You could modify this search with other parameters that suit your particular needs or frequency. The above, will show you all mods made to the admin role. I hope that helps. Thanks!

Reply
Solved! Jump to solution
Solution

nthornbury
Explorer
‎06-18-2018 06:57 AM

Problem Solved.

0 Karma
Reply
Solved! Jump to solution

randy_moore
Path Finder
‎06-15-2018 08:33 AM

@nthornbury - Were you ever able to get this solved?

0 Karma
Reply
Solved! Jump to solution

nthornbury
Explorer
‎06-18-2018 06:57 AM

Yes, I am good to go on this one. Thank you for the follow-up!

0 Karma
Reply
Solved! Jump to solution

peter_krammer
Communicator
‎08-13-2018 01:56 AM

Would you be so kind and share how you solved it, so that others can benefit from the info.

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...