Thanks for your help here. We installed the extension in our Splunk instance and it wants: Name, API Key, Org ID. Name is just to describe the connection, from what I understand. I gave our Splunk admin an API key I created with an account that had org-level access. Provided our org ID. But we're getting 401 errors. When testing the API key, it looks like I have to provide an email address and the token to pull down the audit logs. How did you get around this?
What do the add-on logs tell you? Any errors? "All errors should be logged to ta_confluence_audit_log_ingester.log, found in the internal index." https://splunkbase.splunk.com/app/6445
Thanks for the information. Do you know how I can determine this data based on the most recent entry and the second most recent entry? For example: eval _raw="Heartbeat current Entry"- "Heartbeat previous entry". Also, when I try your suggestion I'm getting an eval error: Error in 'eval' command: The 'mvmap' function is unsupported or undefined. Thanks again for your help!