Splunk does not "identify" anything - you use Splunk to identify stuff in data. MS Word does not write a letter for you, but you can use it to write and format one.
There are two basic steps you need to do: 1) get the data from the sources to monitor into Splunk, 2) in that data, find pieces of evidence or run statistics that indicate a problem or violation.
A primary type of data ingested with Splunk is log data. In order to get you started with point one, you need to enable logging on your SQL database, i.e. make it write all (attempted) accesses and run queries to log files, and monitor those log files with Splunk. You will then be able to search through those logs, and will have to identify what queries are not supposed to be run/which users are not supposed to log on/which IPs are not supposed to contact the server and all that. But bear in mind that everything you want to find out about has to be somewhere in that log data. If the logs only contain info on the queries run and not on who ran them from which IP, then you cannot use that data in Splunk.
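Added example, not part of the original answer: a Python sketch of the detection logic described above, run over constructed SQL audit lines, including a line that lacks the user and source IP and therefore cannot be attributed. The key=value log format, the field names (`user`, `src_ip`, `action`, `statement`) and the allowlists are assumptions; a real database's audit log will differ.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample lines in a hypothetical key=value audit format.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z user=app_svc src_ip=10.0.5.12 action=QUERY statement="SELECT id FROM orders WHERE id=7"
2024-05-01T10:00:09Z user=jdoe src_ip=10.0.5.40 action=QUERY statement="SELECT * FROM customers"
2024-05-01T10:01:30Z user=app_svc src_ip=203.0.113.77 action=LOGIN_FAILED statement=""
2024-05-01T10:02:02Z user=app_svc src_ip=10.0.5.12 action=QUERY statement="DROP TABLE orders"
2024-05-01T10:03:15Z action=QUERY statement="SELECT 1"
"""

# Assumed policy: who may log on, from where, and which statements are never expected.
ALLOWED_USERS = {"app_svc"}
ALLOWED_NETS = [ip_network("10.0.5.0/24")]
FORBIDDEN_STATEMENT = re.compile(r"^\s*(DROP|TRUNCATE|GRANT)\b", re.I)
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse(line):
    """Extract key=value pairs; values may be bare or double-quoted."""
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}

def evaluate(line):
    """Return the list of policy findings for one log line."""
    f = parse(line)
    findings = []
    # A field that was never logged cannot be checked: flag it, do not pass it.
    missing = [k for k in ("user", "src_ip") if k not in f]
    if missing:
        findings.append("unattributable: missing " + ",".join(missing))
    if "user" in f and f["user"] not in ALLOWED_USERS:
        findings.append("unexpected user " + f["user"])
    if "src_ip" in f and not any(ip_address(f["src_ip"]) in n for n in ALLOWED_NETS):
        findings.append("unexpected source " + f["src_ip"])
    if FORBIDDEN_STATEMENT.match(f.get("statement", "")):
        findings.append("forbidden statement")
    return findings

def scan(text):
    """Return (line_number, findings) for every line with at least one finding."""
    return [(i, fs) for i, line in enumerate(text.splitlines(), 1) if (fs := evaluate(line))]

if __name__ == "__main__":
    for lineno, findings in scan(SAMPLE_LOG):
        print(lineno, "; ".join(findings))
```

In Splunk the same checks would be written as searches over the indexed log events, and they depend on the same fields being present in those events.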