
How to ingest Microsoft .xel logs

Path Finder

I have a need to ingest certain SQL Server logs, in a proprietary .xel format, into Splunk.

Do I need to somehow first get these logs into a common file type/format before ingesting them? If so, how would I do that?

Thanks.

0 Karma

Re: How to ingest Microsoft .xel logs

Communicator

SPLUNK does not support ingestion of .xel format logs directly, but you can use the sys.fn_xe_file_target_read_file function on the SQL Server side to convert the logs and may use DB Connect to ingest the data into SPLUNK.
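
Added example (not part of the original reply, and not Splunk's or Microsoft's own code): a T-SQL query that uses sys.fn_xe_file_target_read_file to turn .xel events into ordinary rows a database collector can read. The file path, the checkpoint variables and the extracted fields (username, sql_text, duration) are assumptions; which fields exist depends on how the Extended Events session was defined.

```sql
-- Added example. Path and checkpoint values are placeholders.
DECLARE @path        nvarchar(260) = N'D:\XEvents\audit*.xel'; -- assumed location of the session's files
DECLARE @last_file   nvarchar(260) = NULL;  -- file_name saved from the previous run (NULL = start from the first file)
DECLARE @last_offset bigint        = NULL;  -- file_offset saved from the previous run (must be set together with @last_file)

SELECT
    x.file_name,                 -- keep these two columns as the checkpoint for the next run
    x.file_offset,
    x.object_name AS event_name,
    -- event_data is XML stored as nvarchar(max); cast once, then shred it into columns
    ed.evt.value('(/event/@timestamp)[1]', 'datetime2(3)')                      AS event_time_utc,
    ed.evt.value('(/event/action[@name="username"]/value)[1]', 'nvarchar(256)') AS username,  -- assumed action
    ed.evt.value('(/event/action[@name="sql_text"]/value)[1]', 'nvarchar(max)') AS sql_text,  -- assumed action
    ed.evt.value('(/event/data[@name="duration"]/value)[1]', 'bigint')          AS duration,  -- assumed field
    x.event_data AS raw_event_xml  -- full event, in case the fields above are absent
FROM sys.fn_xe_file_target_read_file(@path, NULL, @last_file, @last_offset) AS x
CROSS APPLY (SELECT CAST(x.event_data AS xml) AS evt) AS ed
ORDER BY x.file_name, x.file_offset;
```

Passing the last file_name and file_offset back in on the next run lets the function skip events that were already read, so each poll returns only new rows.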


Re: How to ingest Microsoft .xel logs

Path Finder

Thanks for the response. Since I have a large number of servers, I'm trying to avoid using DB Connect. I was hoping for direct ingestion.

0 Karma

Re: How to ingest Microsoft .xel logs

You can do direct ingestion if they are text files, not proprietary .xel files. So if you can convert them beforehand, then yes.

0 Karma

Re: How to ingest Microsoft .xel logs

Observer

Hello,

I am curious if you have found another way to accomplish this. For us, going through audit functions to a blob storage on a heavily used Azure SQL database is beyond painful and completely impractical.

0 Karma