In order for you to integrate with SQL data, you need to use the DB Connect app, as it's designed for this purpose. You then have to configure it to communicate with the SQL server; this requires various services and other components, and yes, there are lots of small steps, but work through them slowly. The Change Data Capture sounds like any other table, so you should be able to query it within the DB Connect app and send that data to Splunk once you have it configured.

#Start here - Follow these steps carefully. This is really good documentation - ensure you configure it for your environment's SQL server.
https://lantern.splunk.com/Splunk_Platform/Product_Tips/Extending_the_Platform/Configuring_Splunk_DB_Connect

#Install DB Connect - This is typically installed onto a Heavy Forwarder (Splunk instance), or for small environments you can install it on a Search Head or All-in-one (but you may have performance issues should you be running lots of searches, other Splunk apps, and other functions, etc.). The DB Connect app can't be installed onto a UF.
https://splunkbase.splunk.com/app/2686

#Docs
https://docs.splunk.com/Documentation/DBX/3.17.1/DeployDBX/AboutSplunkDBConnect