How to ingest Microsoft .xel logs

ericlarsen
Path Finder

I have a need to ingest certain SQL Server logs, in a proprietary .xel format, into Splunk.

Do I need to somehow first get these logs into a common file type/format before ingesting them? If so, how would I do that?

Thanks.

0 Karma

badrinath_itrs
Communicator

Splunk does not support ingestion of .xel format logs directly, but you can use the sys.fn_xe_file_target_read_file function on the SQL Server side to convert the logs, and you may use DB Connect to ingest the data into Splunk.
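A query of the kind the answer above describes, added here as an example and not posted by anyone in the thread. The file path is a placeholder, and the action names pulled out of the XML (server_principal_name, client_hostname, database_name, sql_text) are assumptions: they are present only if the Extended Events session was configured to collect them.

```sql
-- Added example. Reading .xel files this way requires VIEW SERVER STATE
-- on SQL Server, so the account used for collection needs nothing broader.
WITH xe AS (
    SELECT
        object_name             AS event_name,
        file_name,              -- together with file_offset, identifies the
        file_offset,            -- position of this event block for checkpointing
        CAST(event_data AS xml) AS event_xml
    FROM sys.fn_xe_file_target_read_file(
             N'D:\XE\placeholder_session*.xel',  -- placeholder path; wildcard covers rollover files
             NULL,   -- metadata file, not needed on current versions
             NULL,   -- initial_file_name: pass the last file_name read to resume
             NULL)   -- initial_offset: pass the last file_offset read to resume
)
SELECT
    event_xml.value('(/event/@timestamp)[1]', 'datetime2(3)') AS event_time_utc,
    event_name,
    -- Assumed actions; each returns NULL if the session does not collect it.
    event_xml.value('(/event/action[@name="server_principal_name"]/value)[1]',
                    'nvarchar(256)') AS login_name,
    event_xml.value('(/event/action[@name="client_hostname"]/value)[1]',
                    'nvarchar(256)') AS client_host,
    event_xml.value('(/event/action[@name="database_name"]/value)[1]',
                    'nvarchar(256)') AS database_name,
    event_xml.value('(/event/action[@name="sql_text"]/value)[1]',
                    'nvarchar(max)') AS sql_text,
    file_name,
    file_offset
FROM xe
ORDER BY event_time_utc;
```

The result set is plain rows, so it can be read by a database input or exported to a text file that a forwarder monitors.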

ericlarsen
Path Finder

Thanks for the response. Since I have a large number of servers, I'm trying to avoid using DB Connect. I was hoping for direct ingestion.

0 Karma

zippo706
Explorer

Hello,

I am curious if you have found another way to accomplish this. For us, going through audit functions to a blob storage on a heavily used Azure SQL database is beyond painful and completely impractical.

0 Karma

arjunpkishore5
Motivator

You can do direct ingestion if they are text files, not proprietary .xel files. So if you can convert them beforehand, then yes.

0 Karma