Hi Splunk Community,
We have Splunk Enterprise 8.0.7.
I would like to know the status of past Splunk searches:
load, event count, time range, whether the search timed out, how long the search ran, etc.
Thank you.
Hi
you could start with this:
index=_audit sourcetype=audittrail search_id=* info=completed action=search
I'm not 100% sure whether you get all the information you asked for with this, or whether you should change info and action to other values too.
r. Ismo
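An added example, not part of the original posts: the same audit search extended to tabulate the run time, counts and time range the question asks about. It assumes the field names that audittrail search events normally carry (total_run_time, event_count, result_count, scan_count, search_et, search_lt, savedsearch_name) and the info values canceled and failed alongside completed; check both against your own _audit events.

```spl
index=_audit sourcetype=audittrail action=search search_id=*
    (info=completed OR info=canceled OR info=failed)
    `comment("Assumption: info=canceled and info=failed are logged for searches that did not finish")`
| eval search_type=if(isnull(savedsearch_name) OR savedsearch_name=="", "ad hoc", "saved/scheduled")
| eval et=tonumber(search_et), lt=tonumber(search_lt)
| eval earliest=if(isnotnull(et), strftime(et, "%Y-%m-%d %H:%M:%S"), "N/A"),
       latest=if(isnotnull(lt), strftime(lt, "%Y-%m-%d %H:%M:%S"), "N/A")
| eval window_hours=if(isnotnull(et) AND isnotnull(lt), round((lt - et) / 3600, 2), null())
| table _time user search_id search_type info total_run_time event_count result_count scan_count earliest latest window_hours
| sort - total_run_time
```

Sorting by total_run_time puts the most expensive searches first; replacing the table and sort with `stats count avg(total_run_time) max(total_run_time) by user info` gives a per-user summary of how searches ended.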