Splunk 10 Audit Trail App: Track "Who Did What" Without Queries

Have you ever logged into Splunk only to find a critical dashboard deleted or a report missing? In the past, finding out "who did it" meant diving into the _audit index and writing complex SPL queries. With Splunk 10, that workflow is gone.

In this video, we take a first look at the brand new Splunk 10 Audit Trail App. This out-of-the-box feature provides a clean, visual interface to track user logins, failed attempts, and—most importantly—object modifications. No more parsing cryptic logs to find out who changed your permissions!

In this video, I cover: 🔹 The "Before & After": Why you no longer need complex SPL for basic auditing. 🔹 Accessing the App: Where to find the Audit Trail in the Splunk 10 interface. 🔹 The Users Dashboard: Instantly see who is logging in, failing logins, and running admin actions. 🔹 Object Modifications: The game-changer feature that tracks creations, updates, and deletions of knowledge objects.

#Splunk #Splunk10 #SysAdmin #SplunkAdmin #AuditTrail #CyberSecurity #Observability #SplunkTutorial

Join this channel to get access to perks:
https://www.youtube.com/channel/UCdSFSscTkK8oGd_kD_eENFw/join

Видео Splunk 10 Audit Trail App: Track "Who Did What" Without Queries канала Lame Creations