Is there a way to see who modified system settings in Splunk Cloud? For example we recently had an issue where an Splunk IP allow list was modified however we can not seem to find the activity in the _internal or _audit indexes.
At least some changes could found from index _configtracker.