| --replace the URL in the function with the appropriate URL for your file | |
| SELECT TOP 1000 * | |
| FROM sys.fn_get_audit_file('https://subscription.blob.core.windows.net/paths/auditfile.xel', default, default) | |
| WHERE (event_time <= '2019-02-20T21:56:36.631Z') | |
| /* additional WHERE clause conditions/filters can be added here */ | |
| and action_id IN ('DBAF') --look specifically for auth failures | |
| ORDER BY event_time DESC |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment