ITSI Audit Logs table | seriesByName(\"Method\") | matchValue(MethodColumnColorConfig)" } } }, "context": { "MethodColumnColorConfig": [ { "match": "get_all", "value": "#F8BE34" }, { "match": "delete_all", "value": "#DC4E41" }, { "match": "edit", "value": "#006D9C" }, { "match": "get", "value": "#53A051" }, { "match": "batch_save", "value": "#FF66CC" } ] }, "dataSources": { "primary": "ds_ZhPx0O39" } }, "viz_d3lE4uG0": { "type": "splunk.markdown", "options": { "markdown": "**NOTE:** You're now using the latest ITSI Audit Logs Dashboard experience. The old version is deprecated and no longer receiving updates. [Access the old dashboard.](/app/itsi/itsi_audit_logs_deprecated)", "fontSize": "large" } } }, "dataSources": { "ds_ZhPx0O39": { "type": "ds.search", "options": { "query": "index=_internal sourcetype=itsi_internal_log sub_component=itoa_storage | eval time = strftime(_time, \"%m/%d/%Y %H:%M:%S %p\") | table user, method, objecttype, filter, time | rename user as User, method as Method, objecttype as \"Object Type\", filter as \"Filter/Object IDs\", time as Timestamp", "queryParameters": { "earliest": "$field1.earliest$", "latest": "$field1.latest$" } }, "name": "Table search" } }, "defaults": { "dataSources": { "ds.search": { "options": { "queryParameters": {} } } } }, "inputs": { "input_dVcSxbCs": { "type": "input.timerange", "options": { "token": "field1", "defaultValue": "-24h@h,now" }, "title": "" } }, "layout": { "type": "grid", "options": { "height": 250, "width": 1440 }, "structure": [ { "item": "viz_d3lE4uG0", "type": "block", "position": { "x": 0, "y": 0, "w": 1440, "h": 64 } }, { "item": "viz_lQsxSNvq", "type": "block", "position": { "x": 0, "y": 64, "w": 1440, "h": 649 } } ], "globalInputs": [ "input_dVcSxbCs" ] }, "description": "A view of audit logs concerning the access, deletion, and modification of ITOA objects.", "title": "ITSI Audit Logs" } ]]>