Splunk Enterprise Security

How to write a Splunk audit search?

sulaimancds
Engager

hi,

 

i need to create a query or where can i find this information.

 

i want the list of users who has run queries , for auditing purpose ,with the keyword PII on those queries which was run.

 

Please help.

 

 

Labels (2)
0 Karma

inventsekar
SplunkTrust
SplunkTrust

Hi @sulaimancds .. the _audit index will have all splunk user's search commands (search history).

 

please check this:

https://community.splunk.com/t5/Splunk-Search/Get-user-s-search-history/m-p/57744

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
0 Karma
Get Updates on the Splunk Community!

Announcing the Expansion of the Splunk Academic Alliance Program

The Splunk Community is more than just an online forum — it’s a network of passionate users, administrators, ...

Learn Splunk Insider Insights, Do More With Gen AI, & Find 20+ New Use Cases You Can ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Buttercup Games: Further Dashboarding Techniques (Part 7)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...