audit
This feature is deprecated. |
---|
The audit command is deprecated and disabled in Splunk Cloud Platform version 8.2.2203 and Splunk Enterprise version 9.0.0. It will be removed in a future version. See the Release Notes.
|
Description
Returns audit trail information that is stored in the local audit index. This command also validates signed audit events while checking for gaps and tampering.
Syntax
audit
Examples
Example 1: View information in the "audit" index.
index="_audit" | audit
associate | autoregress |
This documentation applies to the following versions of Splunk® Enterprise: 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10
Feedback submitted, thanks!