Hi,
Can someone tell me what the splunk-system-user, nobody and other represent when looking a the Search Count by User report?
Basically... splunk-system-user is the user all "system" jobs run as. For instance, if you check out the Activity Menu>Search Activity>Search Activity Overview, you'll see what the splunk-system-user is running... and it's likely summary refreshes, report accelerations etc...
"nobody" is what you'll see when something (dashboard, search, etc) has been given APP level permission. A specific user might be the "author"... but the user that "owns" it will be "nobody" since it's "owned" by the app...
Anyone? Bueller?