Hello,

In our unique environment, we face some limitations. We cannot directly install Splunk forwarders on the database servers, nor can we create a Splunk user account within the databases. Here’s the situation:

Server A (DB server): Our databases generate SQLAudit files.

Server B (Relay): These SQLAudit files are transmitted from server A to a different 'relay' server (let’s call it Server B). Unfortunately, Server B also cannot accommodate Splunk forwarders.

Server C (Universal Forwarder): From Server B, the audit files are further transmitted to another server (Server C). On Server C, we have a Splunk Universal forwarder that should upload the SQLAudit files to our Splunk Cloud instance.

The challenge lies in the fact that SQLAudit files are in a native format that Splunk cannot directly interpret. While the ideal solution would be to install forwarders directly on the original DB servers (which is not feasible for us), we also recognize that using DB connect and creating a Splunk account on the DB is not an option.

Given these constraints, are there any other viable options we can explore?

Best regards,