Documentation > Splunk > Search Reference > audit

Search Reference

 


Introduction
Search Overview
Search Reference Overview
Search Commands and Functions
Search Command Reference
Custom Search Commands
Internal Search Commands
Search in the CLI

audit

Contents

audit

Synopsis

Returns audit trail information that is stored in the local audit index.

Syntax

audit

Description

View audit trail information stored in the local audit index. Also decrypt signed audit events while checking for gaps and tampering.

Examples

Example 1: View information in the "audit" index.

index="_audit" | audit

Answers

Have questions? Visit Splunk Answers and see what questions and answers the Splunk community has using the audit command.

Retrieved from "http://docs.splunk.com/Documentation/Splunk/4.2.4/SearchReference/Audit"

This documentation applies to the following versions of Splunk: 4.1 , 4.1.1 , 4.1.2 , 4.1.3 , 4.1.4 , 4.1.5 , 4.1.6 , 4.1.7 , 4.1.8 , 4.2 , 4.2.1 , 4.2.2 , 4.2.3 , 4.2.4 , 4.2.5 , 4.3 , 4.3.1 , 4.3.2 , 4.3.3 , 4.3.4 , 4.3.5 , 4.3.6 , 5.0 , 5.0.1 , 5.0.2 View the Article History for its revisions.


You must be logged into splunk.com in order to post comments. Log in now.

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole. Feedback you enter here will be delivered to the documentation team.

Feedback submitted, thanks!