looking for the best way to audit all users accessing REST endpoints found a way to list users, but any way to limit this based on REST calls? | rest /services/authentication/users splunk_server=* ... View more

I have a request from one of our service managers about getting a inventory of all hosts logging into Splunk. Using tstats does get the results we need via | tstats values(host) by host drilling down per index | tstats values(host) as hosts where index=idxname by index and exporting to a CSV file or emailing the results wont work for our current needs and he would like the exported CSV results to be stored on network drive on a weekly basis, or possibly some other format if that's an option. Not sure if this is possible with the report actions currently available, as I only see webhook, emailing results etc. wondering if there is a way to do this with a addon alert action, or possibly another way? ... View more