We would like to ingest the Oracle's UNIFIED_AUDIT_TRAIL table and the SQL server's MSSQL\SQLAudit\*.sqlaudit files.
How should we do it? Should we index the Oracle's UNIFIED_AUDIT_TRAIL table? Is there maybe an add-on? And what should we do on the SQL Server side? Should we read the files themselves?
We also wonder whether the Windows event logs have information about the SQL Server audit information.
A good conversation about the Oracle audit trails at - https://community.splunk.com/t5/Splunk-Search/How-to-index-Oracle-audit-trails-stored-in-aud-files/m...