audit
This feature is deprecated. |
---|
The audit command is deprecated and disabled in the Splunk platform as of version 8.2.2203. It will be removed in a future version. See the Release Notes.
|
Description
Returns audit trail information that is stored in the local audit index. This command also validates signed audit events while checking for gaps and tampering.
Syntax
audit
Examples
Example 1: View information in the "audit" index.
index="_audit" | audit
associate | autoregress |
This documentation applies to the following versions of Splunk Cloud Platform™: 8.2.2112, 8.2.2201, 8.2.2202
Feedback submitted, thanks!