Splunk Search

How to build a query to audit file access on specific files?

kymenope
Explorer

New to Splunk.  Have been tasked with finding a query to audit access to specific files.  Any ideas?

Labels (1)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

Splunk doesn't know who accessed your files unless some tool provides that information.  It could come from certain Windows events or from a Linux audit file.

We need more information about your environment and your use case.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

New Dates, New City: Save the Date for .conf25!

Wake up, babe! New .conf25 dates AND location just dropped!! That's right, this year, .conf25 is taking place ...

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...

Observability protocols to know about

Observability protocols define the specifications or formats for collecting, encoding, transporting, and ...