Looking at the documentation for the Splunk Add-on for Microsoft SQL Server, it specifies that the versions of SQL supported are Enterprise...
Does this not work on Standard/Express edition? Or can it be installed, but would just be missing some functionality?
It is possible that it only supports certain versions.
In SQL 2005 and SQL 2008 the audit stuff was only in SQL Enterprise. In 2012 MS moved the server audit stuff into SQL Standard, but left the DB audit stuff in Enterprise.
Server audit stuff is like log on, log off, backups - service manipulation and auditing.
Database audit on the other hand can be enabled on individual rows and other data itself.
It could possibly be that it used to require Enterprise, but on SQL 2012 and up it'll work OK on Standard and they've just forgotten to update the docs. There's not much harm in trying it in either case.
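A T-SQL check for the server-audit versus database-audit split described in the answer above, added here as an example and not part of the original thread: it reports the instance's edition, then tries to create one server-level and one database-level audit specification so the instance itself shows which it supports. The names Example_Audit, Example_Server_Spec, Example_Db_Spec, ExampleDb and dbo.ExampleTable are placeholders.

```sql
-- Added example; every object name below is a placeholder.
-- 1. Which edition and version is this instance?
SELECT SERVERPROPERTY('Edition')        AS edition,
       SERVERPROPERTY('ProductVersion') AS product_version;
GO

-- 2. Server-level audit: logons, logoffs, failed logons, backup/restore.
USE master;
GO
CREATE SERVER AUDIT Example_Audit TO APPLICATION_LOG;
GO
CREATE SERVER AUDIT SPECIFICATION Example_Server_Spec
    FOR SERVER AUDIT Example_Audit
    ADD (SUCCESSFUL_LOGIN_GROUP),
    ADD (FAILED_LOGIN_GROUP),
    ADD (LOGOUT_GROUP),
    ADD (BACKUP_RESTORE_GROUP)
    WITH (STATE = ON);
GO
ALTER SERVER AUDIT Example_Audit WITH (STATE = ON);
GO

-- 3. Database-level audit on one table. If the edition does not
--    support it, the CATCH block prints the engine's own error text.
USE ExampleDb;
GO
BEGIN TRY
    CREATE DATABASE AUDIT SPECIFICATION Example_Db_Spec
        FOR SERVER AUDIT Example_Audit
        ADD (SELECT, UPDATE ON OBJECT::dbo.ExampleTable BY public)
        WITH (STATE = ON);
    PRINT 'Database-level audit specification created.';
END TRY
BEGIN CATCH
    PRINT 'Database-level audit not created: ' + ERROR_MESSAGE();
END CATCH;
GO

-- 4. What is actually configured and enabled?
SELECT name, is_state_enabled FROM sys.server_audits;
SELECT name, is_enabled       FROM sys.server_audit_specifications;
SELECT name, is_enabled       FROM sys.database_audit_specifications;
```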
Yes, that is the add-on I'm talking about... Looking at this link, for Vendor Products it specifically mentions Enterprise on the SQL Versions:
What add-on specifically from Splunkbase are you referring to when you say "SQL Add-on"?
Are you talking about the Splunk Add-on for Microsoft SQL Server?