Hi. There is are examples of Oracle activity monitoring in the white paper "Real-Time Oracle 11g Log File Analysis" available at http://pmdba.files.wordpress.com/2013/05/real-time-oracle-11g-log-file-analysis.pdf. Hopefully this will help; I think it is a little more specific "how to" than the Splunk documentation. A lot of different data input methods are described, including log files, TCP, and Splunk DB Connect, as well as lookup tables, sample searches and reports, and dashboards.

I have uploaded a new App (Splunk for Oracle Audit Trails) what can parse and analyze Oracle Audit Trails sent via syslog. It is not yet visible on SplunkBase but I hope it will be available soon.

Thanks for the reply Christian 😃 I'm actually looking for a way to audit the database activities e.g. what queries are performed on a specific table(s). I'm not interested in the content of the table.

What do you mean by activities? Events that are listed in the Oracle DB Manager?

As far as I am aware the Oracle DB Manager stores information's in a file, something like a logfile. This directory or file can be included as a data input.

Or just plain DB content?

If you like to read out informations from within a DB direct this App might be a help:

http://www.splunkbase.com/apps/All/4.x/Add-On/app:Example+lookup+using+a+Database

Hope that helps.

Cheers,

Christian