
audit
This feature is deprecated.
The audit command is deprecated and disabled in Splunk Cloud Platform version 8.2.2203 and Splunk Enterprise version 9.0.0. It will be removed in a future version. See the Release Notes.
Description
Returns audit trail information that is stored in the local audit index. This command also validates signed audit events while checking for gaps and tampering.
Syntax
audit
Examples
Example 1: View information in the "audit" index.
index="_audit" | audit
This documentation applies to the following versions of Splunk Cloud Platform™: 9.0.2205, 9.0.2208, 9.0.2209 (latest FedRAMP release), 8.2.2203