I want to search Splunk logs in order to see changes to Splunk Objects by user. An example would be to see an event which reads something like the following:
date=1/1/2000, time=08:00:00.000, object=app, object_name=app1, file_name="local.meta" action=permissions_change, value_new="export=system", user_splunk=user1
date=1/1/2000, time=08:01:00.000, object=fields, object_name=sourcetype1, file_name=props.conf, action=line_added, value_new="TRANSFORMS-nullqueue_pound = nullqueue_pound", user_splunk=user1
... or logs that reveal similar information to that effect.
What search reveals the changes in Splunk objects by the user that made each change?