Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Get user's search history

nawazns5038
Builder
‎02-26-2018 05:46 PM

Is there a way to get the user search activity excluding the searches given the dashboards

Thanks
N

0 Karma
Reply

niketn
Legend
‎02-27-2018 11:58 AM

@nawazns5038, I have added comments to @MuS 's answer below.

https://answers.splunk.com/answers/170477/how-do-i-get-a-list-of-all-searches-performed-in-s.html#an...

Please try out and confirm!

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply

nawazns5038
Builder
‎02-28-2018 03:08 PM

Yes, looks like its working .

Thanks !

0 Karma
Reply

adonio
Ultra Champion
‎02-26-2018 05:56 PM

hello there,

start with: index=_audit action=search user=yourUser
many answers here with tips and variations for example:
https://answers.splunk.com/answers/49089/is-it-possible-to-monitor-splunk-user-activity.html
https://answers.splunk.com/answers/225682/how-to-search-splunks-internal-audit-events-to-see.html
https://answers.splunk.com/answers/77551/splunk-user-activity.html
or use your favorite search engine and try combinations like: "splunk track user activity"
also, i think that there are couple apps around this topic.

hope it helps

0 Karma
Reply
Get Updates on the Splunk Community!

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

As of Splunk Cloud Platform 9.3.2408 and Splunk Enterprise 9.4, classic dashboard export features are now ...