Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Create weekly report of user activity with (add, modify, delete) in Splunk with required fields username , host, activity type, date time

kthudi6
New Member
‎03-25-2020 11:53 AM

I did tried with below query where as i am getting action results edit but i am not able see what is edited like deep dive result. Basically i need to see if anyone in the roles edited, added and deleted something in splunk .

index=_audit user!=splunk-system-user user!="n/a" (action=edit OR action=create OR action=delete)
| table _time user, action info host

Result Table:
Date&time: aaaaaaaaa
user: AAAAAA
action: edit_deployment_client, edit_user(This result i need to see what is edited by user in deep dive result)
host: BBBBBBBB

Thanks in adavance

0 Karma
Reply
Get Updates on the Splunk Community!

Updated Team Landing Page in Splunk Observability

We’re making some changes to the team landing page in Splunk Observability, based on your feedback. The ...

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Regardless of where you are in Splunk Observability, you can search for relevant APM targets including service ...

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...