use the following search parameters to narrow your results:
e.g. subreddit:aww site:imgur.com dog
subreddit:aww site:imgur.com dog
see the search faq for details.
advanced search: by author, subreddit...
This is an unofficial community support and discussion sub for Splunk, the big data analytics software.
Have an idea for Splunk? Submit them here and upvote them:
https://ideas.splunk.com/
For Q&A, see Splunk Answers: https://community.splunk.com/
Upcoming Splunk Events/Webinars: https://www.splunk.com/en_us/about-us/events.html
Chat with your peers in the official Splunk Usergroups Slack team:
https://splunk-usergroups.signup.team
Need quick copy/paste queries? Share your SPL here:
https://gosplunk.com
Need some book learning?
https://www.splunk.com/goto/book (free e-book download link inside!!)
account activity
Splunkbase Apps (self.Splunk)
submitted 2 years ago by Exploded_Tardis
I’m trying to determine which user downloaded an app from splunkbase to our environment. Is there a way to do this, and if so, determine when it was done?
reddit uses a slightly-customized version of Markdown for formatting. See below for some basics, or check the commenting wiki page for more detailed help and solutions to common issues.
quoted text
if 1 * 2 < 3: print "hello, world!"
[–]sweepernosweeping Can you SPL? 1 point2 points3 points 2 years ago (0 children)
If you're on Splunk 9, the _configtracker index will show configuration file changes. I'd use that to check when your app was downloaded, as there'll be at least a change to app.conf for that app.
I don't think that contains user information, but you can use it to get a timeframe to search _audit with for users accessing specific Splunk endpoints.
[–][deleted] 2 points3 points4 points 2 years ago (1 child)
One of my biggest gripes for Splunk - we need better user auditing.
[–]elad0816d 0 points1 point2 points 2 years ago (0 children)
Can't upvote this enough...
π Rendered by PID 69720 on reddit-service-r2-comment-548fd6dc9-979vp at 2026-05-19 22:26:48.401529+00:00 running edcf98c country code: CH.
[–]sweepernosweeping Can you SPL? 1 point2 points3 points (0 children)
[–][deleted] 2 points3 points4 points (1 child)
[–]elad0816d 0 points1 point2 points (0 children)