New to Splunk. Have been tasked with finding a query to audit access to specific files. Any ideas?
Splunk doesn't know who accessed your files unless some tool provides that information. It could come from certain Windows events or from a Linux audit file.
We need more information about your environment and your use case.