How do I get a list of saved search names, the user who ran each one, the last time it ran, the query it ran, and who created the search?
I have looked at a couple of queries like this one, but can't get the creator:
> index=_audit action=search info=granted search=* NOT "search_id='scheduler" NOT "search='|history" NOT "user=splunk-system-user" NOT "search='typeahead" NOT "search='| metadata type=* | search totalCount>0" | stats count by user search _time | sort user | fields user search _time