Splunk Enterprise

SPLUNK SQL AUDIT

edgarsilva01
Path Finder
Hello

I have a problem with some .sqlaudit files

These files are being stored in the following path: Z:\audit\
I installed a forwarder, but Splunk doesn't seem to recognize these files.

I use the Splunk app add-on for SQL Servers, and there are only Performance logs.

Does anyone know how I can get the .sqlaudit files?
0 Karma

richgalloway
SplunkTrust
sqlaudit files are not text so they will not be indexed by Splunk. You will need to use a third-party tool to export the sqlaudit file to a text file that can be indexed.
---
If this reply helps you, an upvote would be appreciated.


0 Karma

soutamo
SplunkTrust
0 Karma

edgarsilva01
Path Finder

Hi Soutamo,

The link process is already done, however the output of the files is .sqlaudit and in the same way Splunk does not index them 😞

0 Karma

soutamo
SplunkTrust

Hi

Does this https://stackoverflow.com/questions/48345774/output-sqlaudit-file-results-to-text-file-tsql help you? Unfortunately I don't have any MS SQL where I can test this.

r. Ismo

0 Karma
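
The export-to-text approach discussed in this thread, as an added example that is not from any of the posters: a PowerShell script that reads the binary .sqlaudit files through SQL Server's built-in `sys.fn_get_audit_file` function and appends each new event as one JSON line to a text file a forwarder can monitor. The instance name, output paths, checkpoint file and sourcetype are assumptions.

```powershell
# Added example, not from the thread. Values marked "assumption" are placeholders.
$AuditPattern = 'Z:\audit\*.sqlaudit'                   # audit path from the original post
$Server       = 'localhost'                             # assumption: SQL Server instance
$OutFile      = 'D:\splunk_export\sqlaudit.json'        # assumption: file the forwarder monitors
$StateFile    = 'D:\splunk_export\sqlaudit.checkpoint'  # assumption: last exported event_time

# Resume after the newest event already exported (event_time is stored in UTC).
$since = '1900-01-01T00:00:00.0000000'
if (Test-Path $StateFile) { $since = (Get-Content $StateFile -Raw).Trim() }

# sys.fn_get_audit_file decodes the binary .sqlaudit files into rows.
# The path is resolved by the SQL Server service, not by this script.
$query = @"
SELECT event_time, sequence_number, action_id, succeeded, session_id,
       server_principal_name, database_name, schema_name, object_name, statement
FROM sys.fn_get_audit_file(N'$AuditPattern', DEFAULT, DEFAULT)
WHERE event_time > CONVERT(datetime2(7), '$since')
ORDER BY event_time, sequence_number;
"@

$rows = @(Invoke-Sqlcmd -ServerInstance $Server -Query $query)  # needs the SqlServer module

foreach ($r in $rows) {
    # One compact JSON object per line; string casts turn DBNull into ''.
    [pscustomobject]@{
        event_time            = $r.event_time.ToString('o')
        sequence_number       = $r.sequence_number
        action_id             = "$($r.action_id)".Trim()
        succeeded             = $r.succeeded
        session_id            = $r.session_id
        server_principal_name = "$($r.server_principal_name)"
        database_name         = "$($r.database_name)"
        schema_name           = "$($r.schema_name)"
        object_name           = "$($r.object_name)"
        statement             = "$($r.statement)"
    } | ConvertTo-Json -Compress | Add-Content -Path $OutFile -Encoding UTF8
}

# Caveat: with a '>' checkpoint, an event written later with exactly the same
# event_time as the last exported one would be skipped.
if ($rows.Count -gt 0) {
    Set-Content -Path $StateFile -Value ($rows[-1].event_time.ToString('o'))
}

# Forwarder side (inputs.conf); the sourcetype name is an assumption:
#   [monitor://D:\splunk_export\sqlaudit.json]
#   sourcetype = mssql:audit:json
```

Run it on a schedule under an account that is permitted to read the server audit, and point the forwarder at the exported file instead of the .sqlaudit files.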


edgarsilva01
Path Finder

Hi Richgalloway

What process do you recommend?

Regards

0 Karma