# Audits

Lenses audits all user actions. Audit events can be viewed in Lenses and also sent to two channels, **Splunk** and **Webhook**.

{% hint style="success" %}
For version below Lenses 6.0 omit the environment selection.

Audits can also written to a file by setting a file path in the **lenses.audit.to.log.file** option in **lenses.conf.** Lenses will then write audit entries to disk as JSON for collection by your log aggregation systems.
{% endhint %}

## Viewing audit logs in Lenses

Go to **Environments->\[Your Environment]->Admin->Audits->Log**s. Lenses will display the activity including, who performed the action and when. Details can also be viewed (dependent on the action).

## Sending audit logs to Splunk

To send audit logs to Splunk, you first need a Splunk connection. Go to **Environments->\[Your Environment]->Admin->Connection->New Connection** and select Splunk.

Enter the connection details for your Splunk HTTP Event collector deployment.

Next, go to **Environments->\[Your Environment]->Admin->Audits->Channels->New Channel** and select Splunk. Select a Splunk connection and set a **Source**.

## Sending audit logs to a Webhook

First, you need a Webhook connection. Go to **Environments->\[Your Environment]->Admin->Connections->New Connection**

Enter the URL, port and credentials.

Create a Channel to use the connection. Go to **Environments->\[Your Environment]->Admin->Audits->Channels->New Channel** and select **`Webhook`**`.`

1. Choose a name for your Channel instance.
2. Select your connection.
3. Set the HTTP method to use.
4. Set the Request path. A URI-encoded request path, which may include a query string. Supports alert-variable interpolation.
5. Set the HTTP Headers
6. Set the Body payload

{% hint style="info" %}
Lenses can also audit users' access to data and send events to multiple channels at the same time.
{% endhint %}