Am logging all the SQL Server audit logs to the .sqlaudit files. Can the Splunk agent forwarder read such files and forward them to the indexer ?
Tks
three years later, there's a different solution:
Splunk Add-on for Microsoft SQL Server - docs here: