The Splunk SIEM agent is used to gather data. Detect and Investigate data is collected properly, but no Audit data is collected.
The SIEM agent only collects Detect and Investigate data. By design, it does not gather Audit data.
The SIEM agent does not collect or retrieve data from Audit.
Please work with your Sales Engineer to enter a feature request.
If you still want to export Audit data, please follow these steps as an alternative: