Does Splunk provide measures to protect against or detect tampering with the Splunk logs/data?
The only thing I could find are the hash values for integrity:
https://docs.splunk.com/Documentation/Splunk/8.0.1/Security/Dataintegritycontrol
For example, a malicious administrator could add, change, remove or reorder events afterwards.
I am searching for techniques related to tamper-evident logging like forward integrity (by key evolution), hash chains, Merkle trees and linking hash values to public media (blockchain, ...).
Blockchain is coming:
https://www.splunk.com/en_us/blog/security/the-newest-data-attack.html
The Data Integrity feature is all Splunk offers to detect tampering with data. Note that Splunk logs are also indexed and, therefore, protected by Data Integrity.
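The hash-chain and key-evolution (forward integrity) techniques named in the question, shown as an added example that is not from the original thread and is not Splunk's Data Integrity implementation. The `ChainedLog` class, the `verify` function, the key and the sample events are all constructed for illustration.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32  # chain anchor before the first event


def evolve(key: bytes) -> bytes:
    """One-way key update: the previous key cannot be derived from the new one."""
    return hashlib.sha256(b"evolve" + key).digest()


class ChainedLog:
    """Writer side: keeps only the current key, so a later compromise
    cannot re-create valid tags for entries written earlier."""

    def __init__(self, initial_key: bytes):
        self._key = initial_key
        self._prev = GENESIS
        self.entries = []  # list of (event, tag_hex)

    def append(self, event: str) -> None:
        # Each tag covers the previous tag, which fixes the order of events.
        tag = hmac.new(self._key, self._prev + event.encode(), hashlib.sha256).digest()
        self.entries.append((event, tag.hex()))
        self._prev = tag
        self._key = evolve(self._key)  # old key is overwritten


def verify(entries, initial_key: bytes, expected_count=None):
    """Verifier side: replays the chain from the initial key, which is kept
    away from the log host. Returns the index of the first bad entry,
    len(entries) if the log is shorter than expected_count, or None if intact."""
    key, prev = initial_key, GENESIS
    for i, (event, tag_hex) in enumerate(entries):
        expected = hmac.new(key, prev + event.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected.hex(), tag_hex):
            return i
        key, prev = evolve(key), expected
    if expected_count is not None and len(entries) < expected_count:
        return len(entries)  # tail truncation, only visible with an external count
    return None


# Constructed sample events, not real Splunk data
K0 = bytes.fromhex("11" * 32)
log = ChainedLog(K0)
for line in ["login user=alice", "sudo user=alice cmd=id", "logout user=alice"]:
    log.append(line)
```

Removing entries from the end of the log leaves a valid shorter chain, so the verifier needs an independently stored entry count or final tag to notice it.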