I did tried with below query where as i am getting action results edit but i am not able see what is edited like deep dive result. Basically i need to see if anyone in the roles edited, added and deleted something in splunk .
index=_audit user!=splunk-system-user user!="n/a" (action=edit OR action=create OR action=delete)
| table _time user, action info host
action: edit_deployment_client, edit_user(This result i need to see what is edited by user in deep dive result)
Thanks in adavance