Hi bleung93,
with auditing enabled, every interaction with Splunk -- search, configuration changes, etc -- generates an audit event in the index=_audit
. Here is a list of activities that generate audit events:
Read more about auditing in the docs
hope this helps ...
cheers, MuS
Hi bleung93,
with auditing enabled, every interaction with Splunk -- search, configuration changes, etc -- generates an audit event in the index=_audit
. Here is a list of activities that generate audit events:
Read more about auditing in the docs
hope this helps ...
cheers, MuS