Splunk SIEM agent is used to gather data.
Detect and Investigate data is collected properly.
No Audit data is collected.
SIEM agent only collects Detect and Investigate data.
It does not gather Audit data by design.
The SIEM agent does not collect and retrieve data from Audit.
Please work with your Sales Engineer to enter a feature request.
If you still want to export Audit data, please follow these steps as an alternative: