Hello, I have a problem with some .sqlaudit files. These files are being stored in the following path: Z:\audit\. I installed a forwarder, but Splunk doesn't seem to recognize these files. I use the Splunk app add-on for SQL Servers, and only get Performance logs. Does anyone know how I can get the .sqlaudit files?
Did you manage to find a solution for this? I am having the same problem. My environment was already set up by someone else, and when I do a search with index=sql I get 10 sources, which include the ERRORLOG files in the MSSQL\Log\ folder and another source called "Index SQL CDS Server Audit"; I am not sure where this source is coming from.
I cannot see any logs originating from the .sqlaudit file.