Create weekly report of user activity with (add, m...

Splunk Enterprise Security

Highlighted

I did tried with below query where as i am getting action results edit but i am not able see what is edited like deep dive result. Basically i need to see if anyone in the roles edited, added and deleted something in splunk .

index=_audit user!=splunk-system-user user!="n/a" (action=edit OR action=create OR action=delete)
| table _time user, action info host

Result Table:
Date&time: aaaaaaaaa
user: AAAAAA
action: editdeploymentclient, edit_user(This result i need to see what is edited by user in deep dive result)
host: BBBBBBBB

Thanks in adavance

Speak Up for Splunk Careers!

We want to better understand the impact Splunk experience and expertise has has on individuals' careers, and help highlight the growing demand for Splunk skills.

Create weekly report of user activity with (add, modify, delete) in Splunk with required fields username , host, activity type, date time

We want to better understand the impact Splunk experience and expertise has has on individuals' careers, and help highlight the growing demand for Splunk skills.

Share your experience in our
Career Survey Now!

Create weekly report of user activity with (add, modify, delete) in Splunk with required fields username , host, activity type, date time

We want to better understand the impact Splunk experience and expertise has has on individuals' careers, and help highlight the growing demand for Splunk skills.

Share your experience in our Career Survey Now!

Share your experience in our
Career Survey Now!