Monday, June 16, 2014

Events of Interest from a Splunk Admin perspective

As our deployment has grown from basically myself performing administrative duties to adding a second body, and as we've run into a couple of other things, we've wanted increased visibility when certain activities take place. Over time we've merged these into a rather ugly query. It has proved itself a time or three though, so I figured I'd share it. In putting something like this into place you need to figure out a few things: how frequently it will run, who it goes to, etc. You might find you want certain aspects to run more frequently than others, which would require more than one query. YMMV.