Audit:[timestamp=10-29-2017 15:55:70.674, firstname.lastname@example.org, action=edit_user, info=granted object="email@example.com" operation=edit][n/a]
Is there anyway to actually see the edits that Bob made to Jerry's user account. Specifically what roles were added or removed.
Tried to use,
| rest /services/authentication/current-context splunk_server=local
but that only provides the roles that my current account has. Any help would be appreciated/