Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
--replace the URL in the function with the appropriate URL for your file
FROM sys.fn_get_audit_file('', default, default)
WHERE (event_time <= '2019-02-20T21:56:36.631Z')
/* additional WHERE clause conditions/filters can be added here */
and action_id IN ('DBAF') --look specifically for auth failures
ORDER BY event_time DESC
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.