Audit:[timestamp=01-25-2023 22:08:54.818, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24/timeline]
Audit:[timestamp=01-25-2023 22:08:54.818, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24/events]
Audit:[timestamp=01-25-2023 22:08:54.817, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24/summary]
Audit:[timestamp=01-25-2023 22:08:54.811, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:54.810, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:54.809, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24]
Audit:[timestamp=01-25-2023 22:08:53.836, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24/timeline]
Audit:[timestamp=01-25-2023 22:08:53.818, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24/timeline]
Audit:[timestamp=01-25-2023 22:08:53.817, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24/events]
Audit:[timestamp=01-25-2023 22:08:53.817, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24/summary]
Audit:[timestamp=01-25-2023 22:08:53.809, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:53.809, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:53.808, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24]
Audit:[timestamp=01-25-2023 22:08:53.355, user=admin, action=search, info=granted REST: /search/timeparser]
Audit:[timestamp=01-25-2023 22:08:52.826, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24/timeline]
Audit:[timestamp=01-25-2023 22:08:52.816, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24/timeline]
Audit:[timestamp=01-25-2023 22:08:52.816, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24/events]
Audit:[timestamp=01-25-2023 22:08:52.815, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24/summary]
Audit:[timestamp=01-25-2023 22:08:52.809, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:52.809, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:52.807, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24]
Audit:[timestamp=01-25-2023 22:08:51.817, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24/timeline]
Audit:[timestamp=01-25-2023 22:08:51.816, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24/events]
Audit:[timestamp=01-25-2023 22:08:51.816, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24/summary]
Audit:[timestamp=01-25-2023 22:08:51.809, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:51.809, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:51.807, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24]
Audit:[timestamp=01-25-2023 22:08:50.826, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24/timeline]
Audit:[timestamp=01-25-2023 22:08:50.816, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24/timeline]
Audit:[timestamp=01-25-2023 22:08:50.815, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24/events]
Audit:[timestamp=01-25-2023 22:08:50.815, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24/summary]
Audit:[timestamp=01-25-2023 22:08:50.808, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:50.807, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:50.806, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24]
Audit:[timestamp=01-25-2023 22:08:50.579, user=admin, action=search, info=completed, search_id='1674684510.22', has_error_warn=false, fully_completed_search=true, total_run_time=0.14, event_count=0, result_count=1, available_count=0, scan_count=0, drop_count=0, exec_time=1674684510, api_et=1674597600.000000000, api_lt=1674684510.000000000, api_index_et=N/A, api_index_lt=N/A, search_et=1674597600.000000000, search_lt=1674684510.000000000, is_realtime=0, savedsearch_name="", search_startup_time="97", is_prjob=false, acceleration_id="0D03F83A-D831-4DAB-AC95-E3718EA688DA_search_admin_f2df6493ea859e37", app="search", provenance="UI:Search", mode="historical", is_proxied=false, searched_buckets=0, eliminated_buckets=0, considered_events=0, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='| makeresults | createrss path=test3 name=test3 link="http://whatever.com/somewhere/else" descr="this is a test" count=10']
Audit:[timestamp=01-25-2023 22:08:50.577, user=admin, action=search, info=completed, search_id='1674684519.23', has_error_warn=false, fully_completed_search=true, total_run_time=0.12, event_count=0, result_count=1, available_count=0, scan_count=0, drop_count=0, exec_time=1674684519, api_et=1674597600.000000000, api_lt=1674684519.000000000, api_index_et=N/A, api_index_lt=N/A, search_et=1674597600.000000000, search_lt=1674684519.000000000, is_realtime=0, savedsearch_name="", search_startup_time="86", is_prjob=false, acceleration_id="0D03F83A-D831-4DAB-AC95-E3718EA688DA_search_admin_f2df6493ea859e37", app="search", provenance="UI:Search", mode="historical", is_proxied=false, searched_buckets=0, eliminated_buckets=0, considered_events=0, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='| makeresults | createrss path=test3 name=test3 link="http://whatever.com/somewhere/else" descr="this is a test" count=10']
Audit:[timestamp=01-25-2023 22:08:49.824, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24/timeline]
Audit:[timestamp=01-25-2023 22:08:49.815, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24/timeline]
Audit:[timestamp=01-25-2023 22:08:49.814, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24/events]
Audit:[timestamp=01-25-2023 22:08:49.814, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24/summary]
Audit:[timestamp=01-25-2023 22:08:49.807, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:49.807, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:49.806, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24]
Audit:[timestamp=01-25-2023 22:08:48.919, user=admin, action=list_health, info=granted object="splunkd" operation=list]
Audit:[timestamp=01-25-2023 22:08:48.834, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24/timeline]
Audit:[timestamp=01-25-2023 22:08:48.814, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24/timeline]
Audit:[timestamp=01-25-2023 22:08:48.814, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24/events]
Audit:[timestamp=01-25-2023 22:08:48.813, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24/summary]
Audit:[timestamp=01-25-2023 22:08:48.808, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:48.807, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:48.806, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24]
Audit:[timestamp=01-25-2023 22:08:47.813, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24/timeline]
Audit:[timestamp=01-25-2023 22:08:47.813, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24/summary]
Audit:[timestamp=01-25-2023 22:08:47.813, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24/events]
Audit:[timestamp=01-25-2023 22:08:47.807, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:47.807, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:47.806, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24]
Audit:[timestamp=01-25-2023 22:08:46.814, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24/timeline]
Audit:[timestamp=01-25-2023 22:08:46.799, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24/events]
Audit:[timestamp=01-25-2023 22:08:46.799, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24/summary]
Audit:[timestamp=01-25-2023 22:08:46.793, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:46.792, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:46.791, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24]
Audit:[timestamp=01-25-2023 22:08:46.465, user=admin, action=list_health, info=granted object="splunkd" operation=list]
Audit:[timestamp=01-25-2023 22:08:46.273, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:46.273, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:46.272, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24]
Audit:[timestamp=01-25-2023 22:08:45.925, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:45.925, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:45.924, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24]
Audit:[timestamp=01-25-2023 22:08:45.705, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24/events]
Audit:[timestamp=01-25-2023 22:08:45.700, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24/summary]
Audit:[timestamp=01-25-2023 22:08:45.687, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24/events]
Audit:[timestamp=01-25-2023 22:08:45.687, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24/summary]
Audit:[timestamp=01-25-2023 22:08:45.680, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:45.680, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:45.679, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24]
Audit:[timestamp=01-25-2023 22:08:45.572, user=admin, action=rtsearch, info=granted REST: /streams/rtsearch/0]
Audit:[timestamp=01-25-2023 22:08:45.526, user=admin, action=search, info=granted REST: /search/timeparser]
Audit:[timestamp=01-25-2023 22:08:45.496, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:45.496, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:45.495, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24]
Audit:[timestamp=01-25-2023 22:08:45.469, user=admin, action=search, info=granted REST: /search/timeparser]
Audit:[timestamp=01-25-2023 22:08:45.463, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:45.463, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:45.462, user=admin, action=search, info=granted REST: /search/jobs/rt_1674684525.24]
Audit:[timestamp=01-25-2023 22:08:45.452, user=admin, action=quota,search_id=rt_1674684525.24, elapsed_ms=1, cache_size=7]
Audit:[timestamp=01-25-2023 22:08:45.451, user=admin, action=search, info=granted , search_id='rt_1674684525.24', search='search index=_audit sourcetype=audittrail', autojoin='1', buckets=300, ttl=600, max_count=10000, maxtime=0, enable_lookups='1', extra_fields='*', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="UI:Search", mode="RT"]
Audit:[timestamp=01-25-2023 22:08:45.450, user=admin, action=rtsearch, info=granted ]
Audit:[timestamp=01-25-2023 22:08:45.450, user=admin, action=search, info=granted REST: /search/jobs]
Audit:[timestamp=01-25-2023 22:08:45.449, user=admin, action=search, info=granted REST: /search/ast]
Audit:[timestamp=01-25-2023 22:08:45.424, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:45.424, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:45.424, user=admin, action=edit_search_schedule_window, info=granted ]
Audit:[timestamp=01-25-2023 22:08:45.424, user=admin, action=edit_search_schedule_priority, info=granted ]
Audit:[timestamp=01-25-2023 22:08:45.362, user=admin, action=search, info=granted REST: /search/timeparser]
Audit:[timestamp=01-25-2023 22:08:44.394, user=admin, action=search, info=granted REST: /search/jobs/1674684419.20/control]
Audit:[timestamp=01-25-2023 22:08:39.588, user=admin, action=list_health, info=granted object="splunkd" operation=list]
Audit:[timestamp=01-25-2023 22:08:39.453, user=admin, action=search, info=granted REST: /search/jobs/1674684519.23/results_preview]
Audit:[timestamp=01-25-2023 22:08:39.441, user=admin, action=search, info=granted REST: /search/jobs/1674684519.23/results_preview]
Audit:[timestamp=01-25-2023 22:08:39.439, user=admin, action=search, info=granted REST: /search/parser]
Audit:[timestamp=01-25-2023 22:08:39.425, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:39.424, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:39.423, user=admin, action=search, info=granted REST: /search/jobs/1674684519.23]
Audit:[timestamp=01-25-2023 22:08:39.273, user=admin, action=search, info=granted REST: /search/timeparser]
Audit:[timestamp=01-25-2023 22:08:39.256, user=admin, action=accelerate_search, info=granted ]
Audit:[timestamp=01-25-2023 22:08:39.237, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:39.236, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:39.235, user=admin, action=search, info=granted REST: /search/jobs/1674684519.23]
Audit:[timestamp=01-25-2023 22:08:39.222, user=admin, action=search, info=granted REST: /search/timeparser]
Audit:[timestamp=01-25-2023 22:08:39.217, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:39.217, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:39.216, user=admin, action=search, info=granted REST: /search/jobs/1674684519.23]
Audit:[timestamp=01-25-2023 22:08:39.205, user=admin, action=quota,search_id=1674684519.23, elapsed_ms=1, cache_size=6]
Audit:[timestamp=01-25-2023 22:08:39.204, user=admin, action=search, info=granted , search_id='1674684519.23', search='| makeresults | createrss path=test3 name=test3 link="http://whatever.com/somewhere/else" descr="this is a test" count=10', autojoin='1', buckets=0, ttl=600, max_count=500000, maxtime=8640000, enable_lookups='1', extra_fields='', apiStartTime='Tue Jan 24 22:00:00 2023', apiEndTime='Wed Jan 25 22:08:39 2023', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="UI:Search", mode="historical"]
Audit:[timestamp=01-25-2023 22:08:39.203, user=admin, action=search, info=granted REST: /search/jobs]
Audit:[timestamp=01-25-2023 22:08:39.201, user=admin, action=search, info=granted REST: /search/ast]
Audit:[timestamp=01-25-2023 22:08:39.187, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:39.187, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:39.187, user=admin, action=edit_search_schedule_window, info=granted ]
Audit:[timestamp=01-25-2023 22:08:39.187, user=admin, action=edit_search_schedule_priority, info=granted ]
Audit:[timestamp=01-25-2023 22:08:36.057, user=admin, action=list_health, info=granted object="splunkd" operation=list]
Audit:[timestamp=01-25-2023 22:08:31.127, user=admin, action=search, info=granted REST: /search/jobs/1674684510.22/results_preview]
Audit:[timestamp=01-25-2023 22:08:31.110, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:31.110, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:31.109, user=admin, action=search, info=granted REST: /search/jobs/1674684510.22]
Audit:[timestamp=01-25-2023 22:08:31.105, user=admin, action=search, info=granted REST: /search/jobs/1674684510.22/results_preview]
Audit:[timestamp=01-25-2023 22:08:31.100, user=admin, action=search, info=granted REST: /search/parser]
Audit:[timestamp=01-25-2023 22:08:31.082, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:31.082, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:31.081, user=admin, action=search, info=granted REST: /search/jobs/1674684510.22]
Audit:[timestamp=01-25-2023 22:08:30.944, user=admin, action=search, info=granted REST: /search/timeparser]
Audit:[timestamp=01-25-2023 22:08:30.911, user=admin, action=accelerate_search, info=granted ]
Audit:[timestamp=01-25-2023 22:08:30.889, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:30.888, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:30.888, user=admin, action=search, info=granted REST: /search/jobs/1674684510.22]
Audit:[timestamp=01-25-2023 22:08:30.876, user=admin, action=search, info=granted REST: /search/timeparser]
Audit:[timestamp=01-25-2023 22:08:30.871, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:30.870, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:30.870, user=admin, action=search, info=granted REST: /search/jobs/1674684510.22]
Audit:[timestamp=01-25-2023 22:08:30.863, user=admin, action=quota,search_id=1674684510.22, elapsed_ms=1, cache_size=5]
Audit:[timestamp=01-25-2023 22:08:30.863, user=admin, action=search, info=granted , search_id='1674684510.22', search='| makeresults | createrss path=test3 name=test3 link="http://whatever.com/somewhere/else" descr="this is a test" count=10', autojoin='1', buckets=0, ttl=600, max_count=500000, maxtime=8640000, enable_lookups='1', extra_fields='', apiStartTime='Tue Jan 24 22:00:00 2023', apiEndTime='Wed Jan 25 22:08:30 2023', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="UI:Search", mode="historical"]
Audit:[timestamp=01-25-2023 22:08:30.861, user=admin, action=search, info=granted REST: /search/jobs]
Audit:[timestamp=01-25-2023 22:08:30.859, user=admin, action=search, info=granted REST: /search/ast]
Audit:[timestamp=01-25-2023 22:08:30.843, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:30.843, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:30.843, user=admin, action=edit_search_schedule_window, info=granted ]
Audit:[timestamp=01-25-2023 22:08:30.843, user=admin, action=edit_search_schedule_priority, info=granted ]
Audit:[timestamp=01-25-2023 22:08:30.834, user=admin, action=search, info=cancel, search_id='rt_md_1674684465.21']
Audit:[timestamp=01-25-2023 22:08:30.833, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1674684465.21]
Audit:[timestamp=01-25-2023 22:08:29.533, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:29.533, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:29.532, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1674684465.21]
Audit:[timestamp=01-25-2023 22:08:29.466, user=admin, action=search, info=granted REST: /search/jobs/1674684419.20/control]
Audit:[timestamp=01-25-2023 22:08:29.466, user=admin, action=list_health, info=granted object="splunkd" operation=list]
Audit:[timestamp=01-25-2023 22:08:26.537, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:26.537, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:26.536, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1674684465.21]
Audit:[timestamp=01-25-2023 22:08:26.056, user=admin, action=list_health, info=granted object="splunkd" operation=list]
Audit:[timestamp=01-25-2023 22:08:23.533, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:23.533, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:23.532, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1674684465.21]
Audit:[timestamp=01-25-2023 22:08:20.591, user=admin, action=search, info=canceled, search_id='ta_1674684414.18', has_error_warn=true, fully_completed_search=true, total_run_time=0.00, event_count=0, result_count=0, available_count=0, scan_count=0, drop_count=0, exec_time=1674684414, api_et=N/A, api_lt=N/A, api_index_et=N/A, api_index_lt=N/A, search_et=N/A, search_lt=N/A, is_realtime=0, savedsearch_name="", search_startup_time="0", is_prjob=false, app="search", provenance="N/A", mode="historical", is_proxied=false, searched_buckets=0, eliminated_buckets=0, considered_events=0, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='typeahead prefix="index=_internalsourcetype=audittrail" max_time="1" count="50" use_cache=1']
Audit:[timestamp=01-25-2023 22:08:20.590, user=admin, action=search, info=canceled, search_id='ta_1674684414.17', has_error_warn=true, fully_completed_search=true, total_run_time=0.00, event_count=0, result_count=0, available_count=0, scan_count=0, drop_count=0, exec_time=1674684414, api_et=N/A, api_lt=N/A, api_index_et=N/A, api_index_lt=N/A, search_et=N/A, search_lt=N/A, is_realtime=0, savedsearch_name="", search_startup_time="0", is_prjob=false, app="search", provenance="N/A", mode="historical", is_proxied=false, searched_buckets=0, eliminated_buckets=0, considered_events=0, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='typeahead prefix="index=_internalsourcetype=audittrai" max_time="1" count="50" use_cache=1']
Audit:[timestamp=01-25-2023 22:08:20.588, user=admin, action=search, info=canceled, search_id='ta_1674684412.9', has_error_warn=true, fully_completed_search=true, total_run_time=0.00, event_count=0, result_count=0, available_count=0, scan_count=0, drop_count=0, exec_time=1674684412, api_et=N/A, api_lt=N/A, api_index_et=N/A, api_index_lt=N/A, search_et=N/A, search_lt=N/A, is_realtime=0, savedsearch_name="", search_startup_time="0", is_prjob=false, app="search", provenance="N/A", mode="historical", is_proxied=false, searched_buckets=0, eliminated_buckets=0, considered_events=0, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='typeahead prefix="index=_internalsourcetype=a" max_time="1" count="50" use_cache=1']
Audit:[timestamp=01-25-2023 22:08:20.587, user=admin, action=search, info=canceled, search_id='ta_1674684411.8', has_error_warn=true, fully_completed_search=true, total_run_time=0.00, event_count=0, result_count=0, available_count=0, scan_count=0, drop_count=0, exec_time=1674684411, api_et=N/A, api_lt=N/A, api_index_et=N/A, api_index_lt=N/A, search_et=N/A, search_lt=N/A, is_realtime=0, savedsearch_name="", search_startup_time="0", is_prjob=false, app="search", provenance="N/A", mode="historical", is_proxied=false, searched_buckets=0, eliminated_buckets=0, considered_events=0, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='typeahead prefix="index=_internalsourcetype=" max_time="1" count="50" use_cache=1']
Audit:[timestamp=01-25-2023 22:08:20.586, user=admin, action=search, info=canceled, search_id='ta_1674684414.16', has_error_warn=true, fully_completed_search=true, total_run_time=0.00, event_count=0, result_count=0, available_count=0, scan_count=0, drop_count=0, exec_time=1674684414, api_et=N/A, api_lt=N/A, api_index_et=N/A, api_index_lt=N/A, search_et=N/A, search_lt=N/A, is_realtime=0, savedsearch_name="", search_startup_time="0", is_prjob=false, app="search", provenance="N/A", mode="historical", is_proxied=false, searched_buckets=0, eliminated_buckets=0, considered_events=0, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='typeahead prefix="index=_internalsourcetype=audittra" max_time="1" count="50" use_cache=1']
Audit:[timestamp=01-25-2023 22:08:20.585, user=admin, action=search, info=canceled, search_id='ta_1674684412.10', has_error_warn=true, fully_completed_search=true, total_run_time=0.00, event_count=0, result_count=0, available_count=0, scan_count=0, drop_count=0, exec_time=1674684412, api_et=N/A, api_lt=N/A, api_index_et=N/A, api_index_lt=N/A, search_et=N/A, search_lt=N/A, is_realtime=0, savedsearch_name="", search_startup_time="0", is_prjob=false, app="search", provenance="N/A", mode="historical", is_proxied=false, searched_buckets=0, eliminated_buckets=0, considered_events=0, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='typeahead prefix="index=_internalsourcetype=au" max_time="1" count="50" use_cache=1']
Audit:[timestamp=01-25-2023 22:08:20.584, user=admin, action=search, info=canceled, search_id='ta_1674684413.13', has_error_warn=true, fully_completed_search=true, total_run_time=0.00, event_count=0, result_count=0, available_count=0, scan_count=0, drop_count=0, exec_time=1674684413, api_et=N/A, api_lt=N/A, api_index_et=N/A, api_index_lt=N/A, search_et=N/A, search_lt=N/A, is_realtime=0, savedsearch_name="", search_startup_time="0", is_prjob=false, app="search", provenance="N/A", mode="historical", is_proxied=false, searched_buckets=0, eliminated_buckets=0, considered_events=0, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='typeahead prefix="index=_internalsourcetype=audit" max_time="1" count="50" use_cache=1']
Audit:[timestamp=01-25-2023 22:08:20.583, user=admin, action=search, info=canceled, search_id='ta_1674684413.11', has_error_warn=true, fully_completed_search=true, total_run_time=0.00, event_count=0, result_count=0, available_count=0, scan_count=0, drop_count=0, exec_time=1674684413, api_et=N/A, api_lt=N/A, api_index_et=N/A, api_index_lt=N/A, search_et=N/A, search_lt=N/A, is_realtime=0, savedsearch_name="", search_startup_time="0", is_prjob=false, app="search", provenance="N/A", mode="historical", is_proxied=false, searched_buckets=0, eliminated_buckets=0, considered_events=0, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='typeahead prefix="index=_internalsourcetype=aud" max_time="1" count="50" use_cache=1']
Audit:[timestamp=01-25-2023 22:08:20.581, user=admin, action=search, info=canceled, search_id='ta_1674684414.15', has_error_warn=true, fully_completed_search=true, total_run_time=0.00, event_count=0, result_count=0, available_count=0, scan_count=0, drop_count=0, exec_time=1674684414, api_et=N/A, api_lt=N/A, api_index_et=N/A, api_index_lt=N/A, search_et=N/A, search_lt=N/A, is_realtime=0, savedsearch_name="", search_startup_time="0", is_prjob=false, app="search", provenance="N/A", mode="historical", is_proxied=false, searched_buckets=0, eliminated_buckets=0, considered_events=0, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='typeahead prefix="index=_internalsourcetype=audittr" max_time="1" count="50" use_cache=1']
Audit:[timestamp=01-25-2023 22:08:20.580, user=admin, action=search, info=canceled, search_id='ta_1674684413.12', has_error_warn=true, fully_completed_search=true, total_run_time=0.00, event_count=0, result_count=0, available_count=0, scan_count=0, drop_count=0, exec_time=1674684413, api_et=N/A, api_lt=N/A, api_index_et=N/A, api_index_lt=N/A, search_et=N/A, search_lt=N/A, is_realtime=0, savedsearch_name="", search_startup_time="0", is_prjob=false, app="search", provenance="N/A", mode="historical", is_proxied=false, searched_buckets=0, eliminated_buckets=0, considered_events=0, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='typeahead prefix="index=_internalsourcetype=audi" max_time="1" count="50" use_cache=1']
Audit:[timestamp=01-25-2023 22:08:20.578, user=admin, action=search, info=canceled, search_id='ta_1674684413.14', has_error_warn=true, fully_completed_search=true, total_run_time=0.00, event_count=0, result_count=0, available_count=0, scan_count=0, drop_count=0, exec_time=1674684413, api_et=N/A, api_lt=N/A, api_index_et=N/A, api_index_lt=N/A, search_et=N/A, search_lt=N/A, is_realtime=0, savedsearch_name="", search_startup_time="0", is_prjob=false, app="search", provenance="N/A", mode="historical", is_proxied=false, searched_buckets=0, eliminated_buckets=0, considered_events=0, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='typeahead prefix="index=_internalsourcetype=auditt" max_time="1" count="50" use_cache=1']
Audit:[timestamp=01-25-2023 22:08:20.538, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:20.538, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:20.537, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1674684465.21]
Audit:[timestamp=01-25-2023 22:08:19.633, user=admin, action=list_health, info=granted object="splunkd" operation=list]
Audit:[timestamp=01-25-2023 22:08:17.539, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:17.539, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:17.538, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1674684465.21]
Audit:[timestamp=01-25-2023 22:08:16.054, user=admin, action=list_health, info=granted object="splunkd" operation=list]
Audit:[timestamp=01-25-2023 22:08:14.722, user=admin, action=search, info=granted REST: /search/jobs/1674684419.20/control]
Audit:[timestamp=01-25-2023 22:08:14.538, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:14.538, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:14.537, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1674684465.21]
Audit:[timestamp=01-25-2023 22:08:11.537, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:11.537, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:11.536, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1674684465.21]
Audit:[timestamp=01-25-2023 22:08:09.721, user=admin, action=list_health, info=granted object="splunkd" operation=list]
Audit:[timestamp=01-25-2023 22:08:08.537, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:08.537, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:08.536, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1674684465.21]
Audit:[timestamp=01-25-2023 22:08:06.054, user=admin, action=list_health, info=granted object="splunkd" operation=list]
Audit:[timestamp=01-25-2023 22:08:05.538, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:05.538, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:05.537, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1674684465.21]
Audit:[timestamp=01-25-2023 22:08:02.537, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:02.537, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:08:02.536, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1674684465.21]
Audit:[timestamp=01-25-2023 22:07:59.733, user=admin, action=search, info=granted REST: /search/jobs/1674684419.20/control]
Audit:[timestamp=01-25-2023 22:07:59.733, user=admin, action=list_health, info=granted object="splunkd" operation=list]
Audit:[timestamp=01-25-2023 22:07:59.538, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:07:59.538, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:07:59.537, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1674684465.21]
Audit:[timestamp=01-25-2023 22:07:56.537, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:07:56.537, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:07:56.536, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1674684465.21]
Audit:[timestamp=01-25-2023 22:07:56.053, user=admin, action=list_health, info=granted object="splunkd" operation=list]
Audit:[timestamp=01-25-2023 22:07:53.526, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:07:53.526, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:07:53.524, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1674684465.21]
Audit:[timestamp=01-25-2023 22:07:50.942, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:07:50.942, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:07:50.941, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1674684465.21]
Audit:[timestamp=01-25-2023 22:07:49.710, user=admin, action=list_health, info=granted object="splunkd" operation=list]
Audit:[timestamp=01-25-2023 22:07:49.217, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:07:49.217, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:07:49.216, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1674684465.21]
Audit:[timestamp=01-25-2023 22:07:48.066, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:07:48.066, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:07:48.064, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1674684465.21]
Audit:[timestamp=01-25-2023 22:07:47.289, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:07:47.289, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:07:47.288, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1674684465.21]
Audit:[timestamp=01-25-2023 22:07:46.773, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:07:46.773, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:07:46.772, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1674684465.21]
Audit:[timestamp=01-25-2023 22:07:46.427, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:07:46.427, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:07:46.426, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1674684465.21]
Audit:[timestamp=01-25-2023 22:07:46.240, user=admin, action=search, info=granted REST: /search/timeparser]
Audit:[timestamp=01-25-2023 22:07:46.218, user=admin, action=search, info=granted REST: /search/timeparser]
Audit:[timestamp=01-25-2023 22:07:46.218, user=admin, action=search, info=granted REST: /search/timeparser]
Audit:[timestamp=01-25-2023 22:07:46.048, user=admin, action=list_health, info=granted object="splunkd" operation=list]
Audit:[timestamp=01-25-2023 22:07:46.044, user=admin, action=rest_properties_get, info=granted REST: /static/appIcon_2x.png]
Audit:[timestamp=01-25-2023 22:07:46.037, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:07:46.037, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:07:46.036, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1674684465.21]
Audit:[timestamp=01-25-2023 22:07:46.016, user=admin, action=list_health, info=granted object="deployment" operation=list]
Audit:[timestamp=01-25-2023 22:07:45.997, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.997, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.996, user=admin, action=search, info=granted REST: /search/jobs/rt_md_1674684465.21]
Audit:[timestamp=01-25-2023 22:07:45.970, user=admin, action=rtsearch, info=granted REST: /streams/rtsearch/0]
Audit:[timestamp=01-25-2023 22:07:45.948, user=admin, action=search, info=granted , search_id='rt_md_1674684465.21', search='| metadata type=sourcetypes | search totalCount > 0', autojoin='1', buckets=300, ttl=600, max_count=100000, maxtime=0, enable_lookups='1', extra_fields='*', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="UI:Search", mode="RT"]
Audit:[timestamp=01-25-2023 22:07:45.947, user=admin, action=search, info=granted REST: /search/jobs]
Audit:[timestamp=01-25-2023 22:07:45.903, user=admin, action=rest_properties_get, info=granted REST: /static/appLogo_2x.png]
Audit:[timestamp=01-25-2023 22:07:45.895, user=admin, action=edit_telemetry_settings, info=granted object="general" operation=list]
Audit:[timestamp=01-25-2023 22:07:45.872, user=admin, action=search, info=granted REST: /search/timeparser]
Audit:[timestamp=01-25-2023 22:07:45.863, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.653, user=admin, action=accelerate_search, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.653, user=admin, action=accelerate_search, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.653, user=admin, action=accelerate_search, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.653, user=admin, action=accelerate_search, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.652, user=admin, action=accelerate_search, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.652, user=admin, action=accelerate_search, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.652, user=admin, action=edit_telemetry_settings, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.651, user=admin, action=accelerate_search, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.651, user=admin, action=accelerate_search, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.651, user=admin, action=list_workload_rules, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.651, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.651, user=admin, action=indexes_edit, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.650, user=admin, action=edit_user, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.650, user=admin, action=edit_user, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.650, user=admin, action=edit_tokens_all, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.650, user=admin, action=accelerate_search, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.650, user=admin, action=edit_sourcetypes, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.650, user=admin, action=edit_server, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.650, user=admin, action=edit_server, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.650, user=admin, action=change_authentication, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.650, user=admin, action=edit_server, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.649, user=admin, action=license_edit, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.649, user=admin, action=license_edit, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.649, user=admin, action=list_health, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.649, user=admin, action=edit_health, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.649, user=admin, action=edit_global_banner, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.649, user=admin, action=edit_deployment_server, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.649, user=admin, action=list_deployment_server, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.649, user=admin, action=edit_deployment_server, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.649, user=admin, action=list_deployment_server, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.649, user=admin, action=edit_deployment_server, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.649, user=admin, action=list_deployment_server, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.649, user=admin, action=edit_deployment_server, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.649, user=admin, action=list_deployment_server, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.648, user=admin, action=edit_deployment_server, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.648, user=admin, action=list_deployment_server, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.648, user=admin, action=edit_deployment_server, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.648, user=admin, action=list_deployment_server, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.648, user=admin, action=edit_forwarders, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.648, user=admin, action=list_forwarders, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.648, user=admin, action=indexes_edit, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.648, user=admin, action=edit_search_server, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.648, user=admin, action=edit_dist_peer, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.648, user=admin, action=edit_deployment_client, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.648, user=admin, action=list_deployment_client, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.648, user=admin, action=indexes_edit, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.647, user=admin, action=fsh_manage, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.647, user=admin, action=edit_search_server, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.647, user=admin, action=edit_dist_peer, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.647, user=admin, action=edit_deployment_server, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.647, user=admin, action=list_deployment_server, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.647, user=admin, action=edit_monitor, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.647, user=admin, action=edit_forwarders, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.647, user=admin, action=list_forwarders, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.647, user=admin, action=edit_forwarders, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.647, user=admin, action=list_forwarders, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.647, user=admin, action=edit_udp, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.647, user=admin, action=edit_tcp, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.647, user=admin, action=edit_splunktcp, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.647, user=admin, action=list_inputs, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.647, user=admin, action=edit_scripted, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.647, user=admin, action=edit_monitor, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.647, user=admin, action=edit_token_http, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.646, user=admin, action=indexes_edit, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.646, user=admin, action=edit_server, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.646, user=admin, action=restart_splunkd, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.646, user=admin, action=edit_indexer_cluster, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.645, user=admin, action=edit_indexer_cluster, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.645, user=admin, action=edit_indexer_cluster, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.645, user=admin, action=change_authentication, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.645, user=admin, action=edit_user, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.645, user=admin, action=edit_roles, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.645, user=admin, action=edit_win_wmiconf, info=denied ]
Audit:[timestamp=01-25-2023 22:07:45.645, user=admin, action=edit_win_regmon, info=denied ]
Audit:[timestamp=01-25-2023 22:07:45.644, user=admin, action=edit_modinput_winprintmon, info=denied ]
Audit:[timestamp=01-25-2023 22:07:45.644, user=admin, action=edit_modinput_perfmon, info=denied ]
Audit:[timestamp=01-25-2023 22:07:45.644, user=admin, action=edit_modinput_winnetmon, info=denied ]
Audit:[timestamp=01-25-2023 22:07:45.644, user=admin, action=edit_modinput_winhostmon, info=denied ]
Audit:[timestamp=01-25-2023 22:07:45.644, user=admin, action=edit_win_eventlogs, info=denied ]
Audit:[timestamp=01-25-2023 22:07:45.637, user=admin, action=edit_modinput_admon, info=denied ]
Audit:[timestamp=01-25-2023 22:07:45.637, user=admin, action=edit_tcp_stream, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.637, user=admin, action=edit_upload_and_index, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.636, user=admin, action=edit_tcp_stream, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.634, user=admin, action=edit_upload_and_index, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.633, user=admin, action=edit_roles, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.630, user=admin, action=accelerate_search, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.630, user=admin, action=accelerate_search, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.630, user=admin, action=rest_apps_view, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.629, user=admin, action=accelerate_search, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.628, user=admin, action=accelerate_search, info=granted ]
Audit:[timestamp=01-25-2023 22:07:45.626, user=admin, action=edit_user, info=granted object="admin" operation=edit]
Audit:[timestamp=01-25-2023 22:07:45.626, user=admin, action=edit_user, info=granted object="admin" operation=edit]
Audit:[timestamp=01-25-2023 22:07:45.626, user=admin, action=edit_user, info=granted object="admin" operation=list]
Audit:[timestamp=01-25-2023 22:07:45.022, user=admin, action=search, info=granted REST: /search/timeparser/tz]
Audit:[timestamp=01-25-2023 22:07:44.396, user=admin, action=search, info=granted REST: /search/jobs/1674684419.20/control]
Audit:[timestamp=01-25-2023 22:07:38.896, user=admin, action=list_health, info=granted object="splunkd" operation=list]
Audit:[timestamp=01-25-2023 22:07:29.390, user=admin, action=search, info=granted REST: /search/jobs/1674684419.20/control]
Audit:[timestamp=01-25-2023 22:07:28.895, user=admin, action=list_health, info=granted object="splunkd" operation=list]
Audit:[timestamp=01-25-2023 22:07:20.580, user=admin, action=search, info=bad_request, search_id='1674684414.19', has_error_warn=true, fully_completed_search=true, total_run_time=0.00, event_count=0, result_count=0, available_count=0, scan_count=0, drop_count=0, exec_time=1674684414, api_et=1674597600.000000000, api_lt=1674684414.000000000, api_index_et=N/A, api_index_lt=N/A, search_et=N/A, search_lt=N/A, is_realtime=0, savedsearch_name="", search_startup_time="0", is_prjob=false, app="search", provenance="UI:Search", mode="historical", is_proxied=false, searched_buckets=0, eliminated_buckets=0, considered_events=0, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=0, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, roles='admin+power+user', search='search index=_internalsourcetype=audittrail']
Audit:[timestamp=01-25-2023 22:07:20.578, user=admin, action=search, info=completed, search_id='1674684419.20', has_error_warn=false, fully_completed_search=true, total_run_time=0.16, event_count=355, result_count=355, available_count=355, scan_count=355, drop_count=0, exec_time=1674684419, api_et=1674597600.000000000, api_lt=1674684419.000000000, api_index_et=N/A, api_index_lt=N/A, search_et=1674597600.000000000, search_lt=1674684419.000000000, is_realtime=0, savedsearch_name="", search_startup_time="142", is_prjob=false, acceleration_id="0D03F83A-D831-4DAB-AC95-E3718EA688DA_search_admin_9bfd2888608df77d", app="search", provenance="UI:Search", mode="historical", is_proxied=false, searched_buckets=1, eliminated_buckets=0, considered_events=355, total_slices=0, decompressed_slices=0, duration.command.search.index=0, invocations.command.search.index.bucketcache.hit=0, duration.command.search.index.bucketcache.hit=0, invocations.command.search.index.bucketcache.miss=0, duration.command.search.index.bucketcache.miss=0, invocations.command.search.index.bucketcache.error=0, duration.command.search.rawdata=22, invocations.command.search.rawdata.bucketcache.hit=0, duration.command.search.rawdata.bucketcache.hit=0, invocations.command.search.rawdata.bucketcache.miss=0, duration.command.search.rawdata.bucketcache.miss=0, invocations.command.search.rawdata.bucketcache.error=0, sourcetype_count__audittrail=355, roles='admin+power+user', search='search index=_audit sourcetype=audittrail']
Audit:[timestamp=01-25-2023 22:07:18.895, user=admin, action=list_health, info=granted object="splunkd" operation=list]
Audit:[timestamp=01-25-2023 22:07:14.393, user=admin, action=search, info=granted REST: /search/jobs/1674684419.20/control]
Audit:[timestamp=01-25-2023 22:07:08.895, user=admin, action=list_health, info=granted object="splunkd" operation=list]
Audit:[timestamp=01-25-2023 22:06:59.400, user=admin, action=search, info=granted REST: /search/jobs/1674684419.20/summary]
Audit:[timestamp=01-25-2023 22:06:59.385, user=admin, action=search, info=granted REST: /search/jobs/1674684419.20/timeline]
Audit:[timestamp=01-25-2023 22:06:59.370, user=admin, action=search, info=granted REST: /search/jobs/1674684419.20/events]
Audit:[timestamp=01-25-2023 22:06:59.370, user=admin, action=search, info=granted REST: /search/jobs/1674684419.20/summary]
Audit:[timestamp=01-25-2023 22:06:59.365, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:06:59.365, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:06:59.364, user=admin, action=search, info=granted REST: /search/jobs/1674684419.20]
Audit:[timestamp=01-25-2023 22:06:59.223, user=admin, action=search, info=granted REST: /search/timeparser]
Audit:[timestamp=01-25-2023 22:06:59.183, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:06:59.183, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:06:59.182, user=admin, action=search, info=granted REST: /search/jobs/1674684419.20]
Audit:[timestamp=01-25-2023 22:06:59.162, user=admin, action=search, info=granted REST: /search/timeparser]
Audit:[timestamp=01-25-2023 22:06:59.156, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:06:59.156, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:06:59.155, user=admin, action=search, info=granted REST: /search/jobs/1674684419.20]
Audit:[timestamp=01-25-2023 22:06:59.149, user=admin, action=quota,search_id=1674684419.20, elapsed_ms=1, cache_size=4]
Audit:[timestamp=01-25-2023 22:06:59.148, user=admin, action=search, info=granted , search_id='1674684419.20', search='search index=_audit sourcetype=audittrail', autojoin='1', buckets=300, ttl=600, max_count=500000, maxtime=8640000, enable_lookups='1', extra_fields='*', apiStartTime='Tue Jan 24 22:00:00 2023', apiEndTime='Wed Jan 25 22:06:59 2023', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="UI:Search", mode="historical"]
Audit:[timestamp=01-25-2023 22:06:59.146, user=admin, action=search, info=granted REST: /search/jobs]
Audit:[timestamp=01-25-2023 22:06:59.145, user=admin, action=search, info=granted REST: /search/ast]
Audit:[timestamp=01-25-2023 22:06:59.133, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:06:59.133, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:06:59.133, user=admin, action=edit_search_schedule_window, info=granted ]
Audit:[timestamp=01-25-2023 22:06:59.133, user=admin, action=edit_search_schedule_priority, info=granted ]
Audit:[timestamp=01-25-2023 22:06:58.901, user=admin, action=list_health, info=granted object="splunkd" operation=list]
Audit:[timestamp=01-25-2023 22:06:55.095, user=admin, action=search, info=granted REST: /search/jobs/1674684414.19/summary]
Audit:[timestamp=01-25-2023 22:06:55.077, user=admin, action=search, info=granted REST: /search/jobs/1674684414.19/events]
Audit:[timestamp=01-25-2023 22:06:55.076, user=admin, action=search, info=granted REST: /search/jobs/1674684414.19/summary]
Audit:[timestamp=01-25-2023 22:06:55.070, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:06:55.070, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:06:55.069, user=admin, action=search, info=granted REST: /search/jobs/1674684414.19]
Audit:[timestamp=01-25-2023 22:06:54.922, user=admin, action=search, info=granted REST: /search/timeparser]
Audit:[timestamp=01-25-2023 22:06:54.874, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:06:54.874, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:06:54.873, user=admin, action=search, info=granted REST: /search/jobs/1674684414.19]
Audit:[timestamp=01-25-2023 22:06:54.864, user=admin, action=search, info=granted REST: /search/timeparser]
Audit:[timestamp=01-25-2023 22:06:54.859, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:06:54.858, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:06:54.858, user=admin, action=search, info=granted REST: /search/jobs/1674684414.19]
Audit:[timestamp=01-25-2023 22:06:54.851, user=admin, action=quota,search_id=1674684414.19, elapsed_ms=1, cache_size=3]
Audit:[timestamp=01-25-2023 22:06:54.850, user=admin, action=search, info=granted , search_id='1674684414.19', search='search index=_internalsourcetype=audittrail', autojoin='1', buckets=300, ttl=600, max_count=500000, maxtime=8640000, enable_lookups='1', extra_fields='*', apiStartTime='Tue Jan 24 22:00:00 2023', apiEndTime='Wed Jan 25 22:06:54 2023', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="UI:Search", mode="historical"]
Audit:[timestamp=01-25-2023 22:06:54.849, user=admin, action=search, info=granted REST: /search/jobs]
Audit:[timestamp=01-25-2023 22:06:54.846, user=admin, action=search, info=granted REST: /search/ast]
Audit:[timestamp=01-25-2023 22:06:54.832, user=admin, action=list_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:06:54.832, user=admin, action=select_workload_pools, info=granted ]
Audit:[timestamp=01-25-2023 22:06:54.832, user=admin, action=edit_search_schedule_window, info=granted ]
Audit:[timestamp=01-25-2023 22:06:54.832, user=admin, action=edit_search_schedule_priority, info=granted ]
Audit:[timestamp=01-25-2023 22:06:54.484, user=admin, action=search, info=granted , search_id='ta_1674684414.18', search='typeahead prefix="index=_internalsourcetype=audittrail" max_time="1" count="50" use_cache=1', autojoin='0', buckets=0, ttl=10, max_count=50, maxtime=8640000, enable_lookups='0', extra_fields='', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="N/A", mode="historical"]
Audit:[timestamp=01-25-2023 22:06:54.252, user=admin, action=search, info=granted , search_id='ta_1674684414.17', search='typeahead prefix="index=_internalsourcetype=audittrai" max_time="1" count="50" use_cache=1', autojoin='0', buckets=0, ttl=10, max_count=50, maxtime=8640000, enable_lookups='0', extra_fields='', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="N/A", mode="historical"]
Audit:[timestamp=01-25-2023 22:06:54.156, user=admin, action=search, info=granted , search_id='ta_1674684414.16', search='typeahead prefix="index=_internalsourcetype=audittra" max_time="1" count="50" use_cache=1', autojoin='0', buckets=0, ttl=10, max_count=50, maxtime=8640000, enable_lookups='0', extra_fields='', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="N/A", mode="historical"]
Audit:[timestamp=01-25-2023 22:06:54.004, user=admin, action=search, info=granted , search_id='ta_1674684414.15', search='typeahead prefix="index=_internalsourcetype=audittr" max_time="1" count="50" use_cache=1', autojoin='0', buckets=0, ttl=10, max_count=50, maxtime=8640000, enable_lookups='0', extra_fields='', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="N/A", mode="historical"]
Audit:[timestamp=01-25-2023 22:06:53.867, user=admin, action=search, info=granted , search_id='ta_1674684413.14', search='typeahead prefix="index=_internalsourcetype=auditt" max_time="1" count="50" use_cache=1', autojoin='0', buckets=0, ttl=10, max_count=50, maxtime=8640000, enable_lookups='0', extra_fields='', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="N/A", mode="historical"]
Audit:[timestamp=01-25-2023 22:06:53.577, user=admin, action=search, info=granted , search_id='ta_1674684413.13', search='typeahead prefix="index=_internalsourcetype=audit" max_time="1" count="50" use_cache=1', autojoin='0', buckets=0, ttl=10, max_count=50, maxtime=8640000, enable_lookups='0', extra_fields='', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="N/A", mode="historical"]
Audit:[timestamp=01-25-2023 22:06:53.491, user=admin, action=search, info=granted , search_id='ta_1674684413.12', search='typeahead prefix="index=_internalsourcetype=audi" max_time="1" count="50" use_cache=1', autojoin='0', buckets=0, ttl=10, max_count=50, maxtime=8640000, enable_lookups='0', extra_fields='', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="N/A", mode="historical"]
Audit:[timestamp=01-25-2023 22:06:53.283, user=admin, action=search, info=granted , search_id='ta_1674684413.11', search='typeahead prefix="index=_internalsourcetype=aud" max_time="1" count="50" use_cache=1', autojoin='0', buckets=0, ttl=10, max_count=50, maxtime=8640000, enable_lookups='0', extra_fields='', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="N/A", mode="historical"]
Audit:[timestamp=01-25-2023 22:06:52.691, user=admin, action=search, info=granted , search_id='ta_1674684412.10', search='typeahead prefix="index=_internalsourcetype=au" max_time="1" count="50" use_cache=1', autojoin='0', buckets=0, ttl=10, max_count=50, maxtime=8640000, enable_lookups='0', extra_fields='', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="N/A", mode="historical"]
Audit:[timestamp=01-25-2023 22:06:52.379, user=admin, action=search, info=granted , search_id='ta_1674684412.9', search='typeahead prefix="index=_internalsourcetype=a" max_time="1" count="50" use_cache=1', autojoin='0', buckets=0, ttl=10, max_count=50, maxtime=8640000, enable_lookups='0', extra_fields='', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="N/A", mode="historical"]
Audit:[timestamp=01-25-2023 22:06:51.787, user=admin, action=search, info=granted , search_id='ta_1674684411.8', search='typeahead prefix="index=_internalsourcetype=" max_time="1" count="50" use_cache=1', autojoin='0', buckets=0, ttl=10, max_count=50, maxtime=8640000, enable_lookups='0', extra_fields='', apiStartTime='ZERO_TIME', apiEndTime='ZERO_TIME', apiIndexStartTime='ZERO_TIME', apiIndexEndTime='ZERO_TIME', savedsearch_name="", is_proxied=false, app="search", provenance="N/A", mode="historical"]
Audit:[timestamp=01-25-2023 22:06:48.907, user=admin, action=list_health, info=granted object="splunkd" operation=list]
Audit:[timestamp=01-25-2023 22:06:44.730, user=admin, action=search, info=granted REST: /search/jobs/1674684254.6/control]
Audit:[timestamp=01-25-2023 22:06:38.902, user=admin, action=list_health, info=granted object="splunkd" operation=list]
Audit:[timestamp=01-25-2023 22:06:29.734, user=admin, action=search, info=granted REST: /search/jobs/1674684254.6/control]
Audit:[timestamp=01-25-2023 22:06:29.009, user=admin, action=list_health, info=granted object="splunkd" operation=list]
Audit:[timestamp=01-25-2023 22:06:19.397, user=admin, action=list_health, info=granted object="splunkd" operation=list]
Audit:[timestamp=01-25-2023 22:06:15.893, user=admin, action=search, info=granted REST: /search/jobs/1674684254.6/control]
Audit:[timestamp=01-25-2023 22:06:09.739, user=admin, action=list_health, info=granted object="splunkd" operation=list]
Audit:[timestamp=01-25-2023 22:06:00.628, user=admin, action=search, info=granted REST: /search/jobs/1674684254.6/control]
Audit:[timestamp=01-25-2023 22:05:59.710, user=admin, action=list_health, info=granted object="splunkd" operation=list]