@python wrote: Can I also identify the owner and the last user who accessed the dashboard, as well as the exact date it was accessed? Hi @python To achieve this you can use the following SP...
See more...
@python wrote: Can I also identify the owner and the last user who accessed the dashboard, as well as the exact date it was accessed? Hi @python To achieve this you can use the following SPL: index=_audit provenance=* app=* info=completed earliest=-60d provenance!="N/A" app!="N/A" provenance!="UI:Search" provenance!="Scheduler"
| eval provenance=replace(replace(provenance,"UI:Dashboard:",""),"UI:dashboard:","")
| stats latest(user) as last_user, latest(_time) as latest_access, dc(search_id) as searches by provenance, app
| append
[| rest /servicesNS/-/-/data/ui/views splunk_server=local count=0
| fields eai:acl.app title name eai:acl.owner isVisible
| rename eai:acl.app as app, title as provenance, eai:acl.owner as owner ]
| stats values(*) as * by provenance, app
| where searches>1
| eval latest_access_readble=strftime(latest_access,"%Y-%m-%d %H:%M:%S") Did this answer help you? If so, please consider: Adding kudos to show it was useful Marking it as the solution if it resolved your issue Commenting if you need any clarification Your feedback encourages the volunteers in this community to continue contributing