ExtraHop now has a Splunkbase app for database monitoring. Databases supported are Oracle, Microsoft SQL, Informix, DB2, Sybase and Sybase IQ, Postgres, and MySQL.
http://splunk-base.splunk.com/apps/53757/extrahop. Disclaimer: the Splunk App does require the ExtraHop APM platform to be installed as a real-time feed for Splunk.
By "SQL", what do you mean? Microsoft SQL Server? MySQL? Generic log data written into a relational database? Or something else?
What types of logs from SQL are you trying to get? If you are looking to monitor the data being written to and read from a table, that sounds like a trace flag that you would write out to a file and then Splunk can pick up that file. I am not a SQL guy, but that is how I have seen it done before.
If you are using SQL 2005 or greater, you can put in a login trigger. Within that trigger you can have it write to a file or to the Windows events (preferred).
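A sketch of the trigger approach described in the post above, added here as an example and not part of the original post. The trigger name `trg_audit_logon`, the login `logon_audit_login`, the message layout and event number 60001 are all assumptions; the login is assumed to exist already and to be allowed to run `xp_logevent`.

```sql
-- Added example. trg_audit_logon, logon_audit_login and 60001 are hypothetical names/values.
USE master;
GO

CREATE TRIGGER trg_audit_logon
ON ALL SERVER
WITH EXECUTE AS 'logon_audit_login'  -- assumed login with rights to call xp_logevent
FOR LOGON
AS
BEGIN
    -- An unhandled error in a logon trigger rejects the connection,
    -- so the audit write is wrapped and failures are swallowed.
    BEGIN TRY
        DECLARE @msg VARCHAR(2000);

        -- ORIGINAL_LOGIN() is the connecting login, not the EXECUTE AS context.
        -- HOST_NAME() and APP_NAME() are supplied by the client and can be spoofed.
        SET @msg = 'sql_logon login="' + ISNULL(ORIGINAL_LOGIN(), '')
                 + '" client_host="'   + ISNULL(HOST_NAME(), '')
                 + '" app="'           + ISNULL(APP_NAME(), '') + '"';

        -- Writes to the SQL Server error log and the Windows Application log.
        -- User-defined event numbers must be greater than 50000.
        EXEC master.dbo.xp_logevent 60001, @msg, 'INFORMATIONAL';
    END TRY
    BEGIN CATCH
        -- Deliberately empty: a logging failure must not lock users out.
    END CATCH
END;
GO

-- Confirm the trigger is registered and enabled.
SELECT name, is_disabled
FROM sys.server_triggers
WHERE name = 'trg_audit_logon';

-- Rollback if logons start failing (run from an existing session or a
-- dedicated administrator connection):
-- DISABLE TRIGGER trg_audit_logon ON ALL SERVER;
```

Each successful logon then produces one key="value" line in the Windows Application log, which Splunk can pick up through its Windows event log input.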
I'm concerned more with who is accessing my SQL Server and other system status.
http://splunk-base.splunk.com/apps/search/?q=sql
Not currently, no. Build one! 🙂
Like any input, as long as it's text Splunk will index it. Windows event logs, the errorlog files, etc.
So how do you monitor SQL logs now? Do you just monitor Windows Event Logs on your SQL Servers?