I have a requirement to monitor certain activities by a small set of SQL Server logins. I will use SQL Server extended events to capture them.
I want to load the extended events data into Splunk and create some alerts based on activities. For example, if a login is attempted more than 4 times, an alert should be generated in real time.
Is there any way to connect to SQL Server to read extended events records from a DMV or xel file, or can a stored procedure be called from SQL Server and its output loaded into Splunk?