The Admin Assistant allows Splunk admins to monitor data ingestion and onboarding, RBAC config, user onboarding, and more! Dashboard panels are powered by internal logs, the Splunk REST API, and reporting commands.
Try using:
| rex field=search "index\s?=\s?(\\\)?\"?(?<indexes_searched>[^\)\"\s\\\]+)"
instead of:
| rex field=search "(?:[^\"\']|^)index=(?<indexes_searched>[^\s\=]+)"
It will get you more indexes when users have a space or use "index IN (".
Cool app, btw. I've got something similar, but this is a lot cleaner.