You can try following query.
index=_audit action=search info=completed
This will give you fields like user, total run time,result count, time when search was executed, search time range and variety of other information.
Cheers.
You can try following query.
index=_audit action=search info=completed
This will give you fields like user, total run time,result count, time when search was executed, search time range and variety of other information.
Cheers.
Hello
In the default search app, you have a few reports with search user activity, you can found them in:
Status\Search Activity\
In particular: Search Activity per user.
In addition to those reports, you have even more in the SOS app that you can download from apps.splunk.com
Regards