You can view the search activities that are being done on the data source server by the authorized requestor server. You can see what queries are being done and how frequently they are being done. Based on the search activity, you might want to assign a more/less restrictive proxy role or even disable access to the data source server.
You can also refine the search activity query. For example, you can change the date range to see what queries have been performed today or yesterday or in the last hour, or you can drill down to see the queries that were made by particular users on the authorized requestor.
Log in to the data source server as an administrator.
Click Integration in the toolbar, and then click Sentinel.
The Data Federation page that is displayed has two sections: Data Sources and Authorized Requestors.
In the Authorized Requestors section, a list of authorized requestor servers is displayed. Click the Search Activities link for the authorized requestor server for which you want to view the search activities.
The search activities page is displayed that lists the audit events that are retrieved from all of the distributed search requests the data source server has received from that particular authorized requestor.