If you are using Oracle Unified Audit (starting with Oracle 12c R1), you can use the following
Oracle Unified Audit App for Splunk
https://splunkbase.splunk.com/app/6172/
best regards
Altin
Hi. There is are examples of Oracle activity monitoring in the white paper "Real-Time Oracle 11g Log File Analysis" available at http://pmdba.files.wordpress.com/2013/05/real-time-oracle-11g-log-file-analysis.pdf. Hopefully this will help; I think it is a little more specific "how to" than the Splunk documentation. A lot of different data input methods are described, including log files, TCP, and Splunk DB Connect, as well as lookup tables, sample searches and reports, and dashboards.
I have uploaded a new App (Splunk for Oracle Audit Trails) what can parse and analyze Oracle Audit Trails sent via syslog. It is not yet visible on SplunkBase but I hope it will be available soon.
Splunk for Oracle Audit Trails is available for download from: http://splunk-base.splunk.com/apps/36943/oracle-audit-trail
Thanks for the reply Christian 😃 I'm actually looking for a way to audit the database activities e.g. what queries are performed on a specific table(s). I'm not interested in the content of the table.
What do you mean by activities? Events that are listed in the Oracle DB Manager?
As far as I am aware the Oracle DB Manager stores information's in a file, something like a logfile. This directory or file can be included as a data input.
Or just plain DB content?
If you like to read out informations from within a DB direct this App might be a help:
http://www.splunkbase.com/apps/All/4.x/Add-On/app:Example+lookup+using+a+Database
Hope that helps.
Cheers,
Christian