Channel: Questions in topic: "splunk-enterprise"

How to audit user modifications to search head cluster?

I need to create a query to reveal who changed which objects on the search head cluster when (excluding modifications to personal items). My query so far is:

index=_internal source="/opt/splunk/var/log/splunk/splunkd_ui_access.log" method=POST host="sh_svr_*" NOT prefs NOT parser NOT intentionsparser NOT login NOT jobs NOT "/dispatch" | stats count values(uri) by user

Q1) Is there a better query to use?

Q2) If I continue down this path, how can I exclude results in the URI field where the user name is contained within the URI string?
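
For Q2, an added example (not part of the original question and not Splunk's own code) that prototypes the filter offline: it compares the acting user with the owner segment of the REST namespace path `/servicesNS/<owner>/<app>/` rather than testing whether the user name appears anywhere in the URI. The sample lines and their field layout are constructed assumptions, and `shared_object_changes` is a hypothetical helper name.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

P = "/en-US/splunkd/__raw"
# Constructed sample lines. The layout (client, ident, user, [time], "request",
# status, bytes) is an assumption, not copied from a real splunkd_ui_access.log.
SAMPLE = [
    f'10.0.0.5 - alice [12/Mar/2020:10:15:32.101 +0000] "POST {P}/servicesNS/alice/search/saved/searches/my_report HTTP/1.1" 200 512',
    f'10.0.0.5 - alice [12/Mar/2020:10:17:02.440 +0000] "POST {P}/servicesNS/nobody/search/saved/searches/alice_team_alert HTTP/1.1" 200 498',
    f'10.0.0.9 - bob [12/Mar/2020:11:01:45.007 +0000] "POST {P}/servicesNS/alice/search/data/ui/views/ops_dash HTTP/1.1" 200 733',
    f'10.0.0.9 - bob [12/Mar/2020:11:02:10.300 +0000] "GET {P}/servicesNS/nobody/search/saved/searches/shared HTTP/1.1" 200 901',
    f'10.0.0.7 - carol [12/Mar/2020:11:30:00.000 +0000] "POST {P}/services/search/jobs HTTP/1.1" 201 120',
    f'10.0.0.9 - bob [12/Mar/2020:11:45:12.250 +0000] "POST {P}/servicesNS/bob/search/data/ui/views/bob_dash HTTP/1.1" 200 640',
]

LINE = re.compile(r'^\S+ \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
                  r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})')
# Owner and app segments of the REST namespace path.
OWNER = re.compile(r'/servicesNS/(?P<owner>[^/]+)/(?P<app>[^/]+)/')
# The NOT terms from the question's query, applied here as URI substrings
# (an approximation of Splunk's term matching on the whole event).
NOISE = ("prefs", "parser", "intentionsparser", "login", "jobs", "/dispatch")


def shared_object_changes(lines):
    """Return {user: [(time, uri), ...]} for POSTs outside the user's own namespace."""
    changes = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] != "POST":
            continue
        uri = m["uri"]
        if any(term in uri for term in NOISE):
            continue
        ns = OWNER.search(uri)
        owner = unquote(ns["owner"]) if ns else None
        if owner == m["user"]:
            continue  # personal item: namespace owner is the acting user
        changes[m["user"]].append((m["time"], uri))
    return dict(changes)


if __name__ == "__main__":
    for user, events in shared_object_changes(SAMPLE).items():
        for when, uri in events:
            print(user, when, uri)
```

On the sample, alice's change to the shared `alice_team_alert` is kept even though its name contains "alice", and bob's change to an object in alice's namespace is kept as well; a plain "user name appears in the URI" test would have dropped the first.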
