Need your help,
Can you please provide the splunk query to find who are all executed delete event command (| delete) in last one hour. because if someone delete the event, we want to know the user details and what query they executed.
Duplicate:
https://answers.splunk.com/answers/43339/alert-on-deleted-data.html
View solution in original post