good morning
It is required to audit the modifications of the users in the splunk environment, know who modified who and the schedule if possible.
regards
Hi.
Check audit log
index=_audit
https://docs.splunk.com/Documentation/Splunk/7.2.3/Security/AuditSplunkactivity