The following can be used to determine who downloaded an attachment, when and the attachment name note that the subID and project OOID can be added to the query to limit the results.  Also limiting the time frame through Splunk presets is recommended as well;

Downloaded attachments
attachment | spath subscriptionId | search subscriptionId=<ADD subID HERE> | spath projectOid | search projectOid=<ADD project OOID HERE>| spath "javaRequestSpan.httpMethod" | search "javaRequestSpan.httpMethod"=GET | table userId,_time,javaRequestSpan.uri

The following is for uploaded attachments (add subID and project OOID as needed) 

Upload attachments
Attachments/add | spath subscriptionId | search subscriptionId=<ADD subID HERE> | spath "javaRequestSpan.httpMethod" | search "javaRequestSpan.httpMethod"=POST | spath projectOid | search projectOid=<ADD project OOID HERE> | table userId,  _time,javaRequestSpan.uri

Export a csv file of the results by clicking on the down arrow to the right;

<Please see attached file for image>