You can view audit logs of the access details for a particular user in a given time period.
To view the audit logs for users:
By default, the Overview tab displays the a summary of the selected user.
Use the device filter in the content pane to search for specific devices where selected group has permissions. The Devices with activity filter is applied by default. The filter pane displays the list of filers or web applications that have some shares or site collections on which the selected user has activity.
At the share-level in the hierarchy, you can also filter the paths using other predefined filters, such as disabled share or site collections where the user has activity.
Additionally, you can also filter the audit logs based on the following criteria:
The IP address of the computer that the user has generated the access activity from.
The type of access for which you want to view audit logs. For SharePoint web applications, you can specify either access type (meta operations, such as Read, Write, Delete, Create, and Rename) or access details (SharePoint operations).
Data Insight maps all SharePoint access types such as checkout, view, check in, write, update, delete, and move to Data Insight meta access types - Read, Write, Delete, and Rename.
You can enter multiple values separated by commas. Enter the filter criteria in the relevant fields and click Go.
The name of the file that is accessed.
The path of the file.
The type of access event.
In case of a folder on a SharePoint site, the SharePoint access type such as checkout, view, check in, write, or update.
The type of file.
The access count.
The IP address of the computer from which the file was accessed.
Currently, you cannot view the IP address of the computer from which the file was accessed for Windows File Servers, VxFS filers, and SharePoint sites.
The start and the end time of the access events.
More Information