
audit
This feature is deprecated. |
---|
The audit command is deprecated and disabled in the Splunk platform as of version 8.2.2203. It will be removed in a future version. See the Release Notes.
|
Description
Returns audit trail information that is stored in the local audit index. This command also validates signed audit events while checking for gaps and tampering.
Syntax
audit
Examples
Example 1: View information in the "audit" index.
index="_audit" | audit
PREVIOUS associate |
NEXT autoregress |
This documentation applies to the following versions of Splunk® Enterprise: 9.0.0, 9.0.1
Feedback submitted, thanks!