Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk and Azure SQL audit via Event Hub

zippo706
Explorer
‎03-17-2021 06:03 PM

I'm not sure how to even troubleshoot this.

A few weeks ago, we started a dropoff in events into splunk.   We are sending Azure SQL Server audit logs via event hub picked up by Azure Add-on for Splunk.   our traffic has NOT changed.   Our HF has not changed.

I can't see my activity anymore (a month ago i saw everything I did).   Now, i have no visibility to my traffic.   I am seeing traffic from web servers and some other users, but not sure i trust it now.   There has been a drop off in events.

What can I do to troubleshoot what is going on here?  I can turn on verbose logging, but since i can't throttle or specify what is getting logged (server log, not db log), it would be 000s of messages in a very heavily used database.

 

Labels (1)
Labels
Tags (1)
0 Karma
Reply

masonwillinger
Explorer
‎04-14-2021 11:07 AM

Azure Event Hub connectivity was recently deprecated in the Azure Add-on for Splunk. That functionality has been moved to the Splunk Add-on for Microsoft Cloud Services (https://splunkbase.splunk.com/app/3110/). Not saying there isn't another issue causing the drop-off, but it might be worth investigating moving that Event Hub connection to the other add-on.

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | Why did the turkey cross the road?

November 2025 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Feel the Splunk Love: Real Stories from Real Customers

Hello Splunk Community,    What’s the best part of hearing how our customers use Splunk? Easy: the positive ...