I get a "Error on line 2: Unexpected close tag

    <search id="base"> 
      <query> index=_internal source=*web_access.log* /app/  action=edit | rex  "/app/(?<app_name>.\w+)/(?<dashboard_name>.\w+)" | table _time, user, app_name dashboard_name </query>
      <earliest>0</earliest>
      <latest></latest>
    </search>

try this:

<dashboard>
  <label>Changed Views</label>
  <row>
    <panel>
      <title>who changed what when</title>
      <table>
        <search>
          <query>index=_internal source=*web_access.log* /app/  action=edit | rex  "/app/(?&lt;app_name&gt;.\w+)/(?&lt;dashboard_name&gt;.\w+)" | table _time, user, app_name dashboard_name</query>
          <earliest>-30d@d</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="count">50</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">cell</option>
        <option name="percentagesRow">false</option>
        <option name="rowNumbers">false</option>
        <option name="totalsRow">false</option>
        <option name="wrap">true</option>
      </table>
    </panel>
  </row>
</dashboard>

Anyway I can also see the indexes?

do you mean the indexes a search / report / dashboard is using?

Yes, like is there a way I can also add a new column to show the indexes that those databases are using?

@eyaluodba this data is a little more complex to grab as you will need to look at the search.log (in _internal and _audit indexes). it will require couple of steps process.
a. understand and capture which searches drives your views and who is the creator (will elaborate)
b. what is the syntax of the searches and if it has: index=a OR index=b etc...
c. understand the results and the indexes field values
d. if the role does not have access to indexes, the search will skip these particular indexes although the search syntax includes them
e. with that said, there are couple of answers here that covers some of it:
https://answers.splunk.com/answers/321581/how-to-find-the-most-searched-index-in-splunk.html
https://answers.splunk.com/answers/273176/how-can-i-determine-how-much-an-index-is-being-sea.html

It wants me to put it up first, but when I do it doesn't work.

index=_internal source=web_access.log /app/ action=edit
| rex "/app/(?<app_name>.\w+)/(?<dashboard_name>.\w+)" | table dashboard_name, _time, app_name, user,

i think it will be good to open another question.
pay attention that the | rest /services/data/indexes only tells you about the indexes configurations and not about how they are being searched

Alright thanks for all your help!

So if I wanted to use | REST /services/data/indexes | table title
in my code, how would I go about doing that? Everytime I try to add it I get "Error in 'rest' command: This command must be the first command of a search."

Thank you so much!

Thank you so much. It worked!