How to track who all queried/accessed a field(that has sentive info like Driver Licence#) in SQL Server and report it in Splunk?

New Member

I have a table with some sensitive info like Driver License# stored. Would like to report on which user accesses/queries that field. Like when, how many rows, what is the login that accessed etc. What splunk app/feature that lets me achieve this?

Tags (1)
0 Karma


I think you would need to setup an audit in the SQL server first, like described here:

It will create an audit DB and you can read that DB with DB Connect.
Than you can either index that data or query directly from the DB using DB Connect, and alert from it.

0 Karma
Get Updates on the Splunk Community!

Happy CX Day to our Community Superheroes!

Happy 10th Birthday CX Day!What is CX Day? It’s a global celebration recognizing innovation and success in the ...

Check out This Month’s Brand new Splunk Lantern Articles

Splunk Lantern is a customer success center providing advice from Splunk experts on valuable data insights, ...

Routing Data to Different Splunk Indexes in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...