Hi, I wonder whether someone may be able to help me please.
I'm using the query below to list the current user accounts:
|rest /services/authentication/users splunk_server=local
|fields realname
|rename realname as user
|table user
Could someone tell me please is there a way to determine when the account was created.
I have tried:
|rest /services/authentication/users splunk_server=local
But there is no such field that I can see, only when the account was last updated.
I just wonder whether someone may be able to point me in the right direction as to where I may find this information.
Many thanks and kind regards
Chris
↧