Hi all,
I am new here. I just using Splunk App for Microsoft SQL Server but without any data.
1 My splunk server version is 5.0.6
2 windows 2008 server sp2 + MS SQL 2008 server enterprise
3 I followed all step of installation document. I do see security eventcode 33205
When I using sourcetype="WinEventLog:Security" at splunk search bar , I got the following result.
12/08/2013 08:52:05 PM
LogName=Security
SourceName=MSSQLSERVER$AUDIT
EventCode=33205
EventType=0
Type=info
ComputerName=WIN-DZ8JDWE5XJV
User=Administrator
Sid=S-1-5-21-452095144-2453852085-683102615-500
SidType=1
host=WIN-DZ8JDWE5XJV sourcetype=WinEventLog:Security source=WinEventLog:Security
When I run the lookup generator on this app, I got no result of all 5 lookup.
Does anybody know what should I do or missing something? Please advise.
Thank you very much!
Anthony
... View more