Splunk Search
Highlighted

Get user's search history

Builder

Is there a way to get the user search activity excluding the searches given the dashboards

Thanks
N

0 Karma
Highlighted

Re: Get user's search history

SplunkTrust
SplunkTrust

hello there,

start with: index=_audit action=search user=yourUser
many answers here with tips and variations for example:
https://answers.splunk.com/answers/49089/is-it-possible-to-monitor-splunk-user-activity.html
https://answers.splunk.com/answers/225682/how-to-search-splunks-internal-audit-events-to-see.html
https://answers.splunk.com/answers/77551/splunk-user-activity.html
or use your favorite search engine and try combinations like: "splunk track user activity"
also, i think that there are couple apps around this topic.

hope it helps

0 Karma
Highlighted

Re: Get user's search history

Legend

@nawazns5038, I have added comments to @MuS 's answer below.

https://answers.splunk.com/answers/170477/how-do-i-get-a-list-of-all-searches-performed-in-s.html#an...

Please try out and confirm!




| eval message="Happy Splunking!!!"


0 Karma
Highlighted

Re: Get user's search history

Builder

Yes, looks like its working .

Thanks !

0 Karma