Matt Changchien covers a strange scenario:
When you read an Azure SQL Database audit log from Azure Storage using sys.fn_get_audit_file, you might encounter a situation where the audit log appears non-empty, but the query still returns an empty result. This discrepancy can be puzzling, especially when the official documentation doesn’t explicitly mention any limitations or requirements for the sys.fn_get_audit_file system function.
- Use Auditing to analyze audit logs and reports – Azure SQL Database & Azure Synapse Analytics | Micr…
- sys.fn_get_audit_file (Transact-SQL) – SQL Server | Microsoft Learn
In this post, I will shed light on these limitations and demonstrate them to provide clarity.
Read on to see when this might happen and what you can do about it.