Splunk Search

How to view the list of search queries run for a given time

ashari
Explorer

I work in a shared Splunk environment where anyone can run Splunk queries. I want to see all the queries run in the Splunk environment for any given time. One idea is to look inside the _audit of Splunk. Can anyone help me sort it out?


somesoni2
Revered Legend

See the history command.

|history 

Also see this (user queries)

index=_audit action="search" search=* NOT user="splunk-system-user"

somesoni2
Revered Legend

The search for audit should give the data you want. For a more formatted answer, refer to @Mus's answer here: http://answers.splunk.com/answers/151378/history-command-is-not-showing-the-searches-run-by-all-the-...

0 Karma
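A formatted variant of the _audit search from the answer above, added here as an example and not part of the original thread: it pairs each search's info=granted and info=completed audit events by search_id to list who ran what, when, and for how long. The 24-hour window is an assumed value, and the searching role needs read access to the _audit index.

```spl
index=_audit action=search (info=granted OR info=completed) NOT user="splunk-system-user" earliest=-24h@h latest=now
| eval search_id=trim(search_id, "'")
| stats earliest(_time) AS started
        values(user) AS user
        values(search) AS search
        max(total_run_time) AS run_time_s
        BY search_id
| where isnotnull(search)
| sort - started
| eval started=strftime(started, "%Y-%m-%d %H:%M:%S")
| table started user search run_time_s search_id
```

Change `earliest` and `latest`, or use the time range picker, to cover the period under review.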

ashari
Explorer

Thanks, it works, but as I said, I work in a shared environment and the history command doesn't show me the commands that other people have run on Splunk. I can only see the commands that I have run on Splunk. I have got administration privileges on Splunk.

0 Karma