Using the connector

This page describes how to use the connector to search and monitor the audit logs.

Search for logs

  1. In Splunk Web, select Apps > Search & Reporting.

  2. In the Search field, enter your search term or regular expression to search for certain logs.

    Search result

    The following table describes the main fields from the SCM Audit API response.

    Field          Description

    Service        The name of the service that generated an audit event.
    Event          The action that was performed.
    Login ID       The login ID of the person that performed the action.
    Customer ID    The ID of the customer who owns the audit logs.
    Details        The event-specific details.

App runtime logs for troubleshooting

To find runtime logs, enter this query in the search bar:

index=_internal source=*splunkd.log* (component=ModularInputs stderr) OR component=ExecProcessor TA-sectigo