Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

For how many days we can get the audit.log - in splunk ?

chimbudp
Contributor
‎06-21-2013 01:01 AM

Since 5th December 2012 , I am using Splunk on windows OS.
For audit purpose i need the audit.log files from December 2012 to Till date .
But, I could found audit.log files available only for this June month only.
Whether the old audit.log will be archived somewhere? or deleted ?
Where can i get the configurations for log files ?

Kindly please help me in this.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Ayn
Legend
‎06-21-2013 01:50 AM

audit.log itself is rotated on a regular basis, but its contents are indexed as well in Splunk's index _audit.

View solution in original post

Reply
Solved! Jump to solution
Solution

Ayn
Legend
‎06-21-2013 01:50 AM

audit.log itself is rotated on a regular basis, but its contents are indexed as well in Splunk's index _audit.

Reply
Solved! Jump to solution

chris
Motivator
‎06-22-2013 02:41 PM

You might be out of luck for the _internal index it is not kept for a long time. You can run the following command and check the frozenTimePeriodInSecs (and override it if needed for the future): $SPLUNK_HOME/bin/splunk btool indexes list _internal

0 Karma
Reply
Solved! Jump to solution

chimbudp
Contributor
‎06-21-2013 05:25 AM

Thanks Ayn. Does this same applies to Splunkd.log ? Like audit.log , splunkd.log gets indexed in _internal index. But, here only last 2 months data available ?How can i get older data ?

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...