Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How can I see who created users

LASSEENERSEN
New Member
‎02-08-2012 03:16 AM

We are using Splunk Authorization and I found 67 unexpected users in "Manager » Access controls » Users" list. Not only that; but they are all marked "Authentication system = Scripted".
I would like to know who created these users and when. I have tried with:
index=_audit action="edit_user" operation="create" (searching "All time").
But that only gives me the "normal" users - and not even all of them.

How can I see who created the rest of the users?

Tags (4)
0 Karma
Reply

Ayn
Legend
‎02-08-2012 03:39 AM

The users that were added through scripted authentication were synchronized from the external scripted authentication system that you're using. For more information, see http://docs.splunk.com/Documentation/Splunk/latest/Admin/configureSplunktousePAMorRADIUSauthenticati...

Reply

cboeing
Engager
‎02-25-2013 04:35 PM

Link referenced is no longer accessible. tried the click here anyway and that doesn't go anywhere. please correct or post answer that applies to the current version 5.x. thank you.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Platform | Upgrading your Splunk Deployment to Python 3.9

Splunk initially announced the removal of Python 2 during the release of Splunk Enterprise 8.0.0, aiming to ...

From Product Design to User Insights: Boosting App Developer Identity on Splunkbase

co-authored by Yiyun Zhu & Dan Hosaka Engaging with the Community at .conf24 At .conf24, we revitalized the ...

Detect and Resolve Issues in a Kubernetes Environment

We’ve gone through common problems one can encounter in a Kubernetes environment, their impacts, and the ...