Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

For how many days we can get the audit.log - in splunk ?

chimbudp
Contributor
‎06-21-2013 01:01 AM

Since 5th December 2012 , I am using Splunk on windows OS.
For audit purpose i need the audit.log files from December 2012 to Till date .
But, I could found audit.log files available only for this June month only.
Whether the old audit.log will be archived somewhere? or deleted ?
Where can i get the configurations for log files ?

Kindly please help me in this.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Ayn
Legend
‎06-21-2013 01:50 AM

audit.log itself is rotated on a regular basis, but its contents are indexed as well in Splunk's index _audit.

View solution in original post

Reply
Solved! Jump to solution
Solution

Ayn
Legend
‎06-21-2013 01:50 AM

audit.log itself is rotated on a regular basis, but its contents are indexed as well in Splunk's index _audit.

Reply
Solved! Jump to solution

chris
Motivator
‎06-22-2013 02:41 PM

You might be out of luck for the _internal index it is not kept for a long time. You can run the following command and check the frozenTimePeriodInSecs (and override it if needed for the future): $SPLUNK_HOME/bin/splunk btool indexes list _internal

0 Karma
Reply
Solved! Jump to solution

chimbudp
Contributor
‎06-21-2013 05:25 AM

Thanks Ayn. Does this same applies to Splunkd.log ? Like audit.log , splunkd.log gets indexed in _internal index. But, here only last 2 months data available ?How can i get older data ?

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...