If you are not able to ingest data that already is produced that contains the query information, you could explore Splunk Stream to pull out the SQL query from the wire data. This could be quite the change so comparing it against enabling the trace log might be a good exercise. If the traffic is encrypted, the cert will be required to decrypt the traffic but you would be able to see the query, transaction times, etc.

The following Splunk Lantern use case is very applicable to your question as well using Splunk Stream. https://lantern.splunk.com/hc/en-us/articles/360053617474-Analyzing-wire-data-from-databases