Returns audit trail information that is stored in the local audit index. This command also validates signed audit events while checking for gaps and tampering.
Example 1: View information in the "audit" index.
index="_audit" | audit
Have questions? Visit Splunk Answers and see what questions and answers the Splunk community has using the audit command.
This documentation applies to the following versions of Splunk Cloud™: 7.0.11, 7.0.13, 7.1.3, 7.1.6, 7.2.4, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 8.0.2001