My main goal is to be able to create reports and alerts in my SIEM based on what individual searched for and accessed what patient records, and when. Does anybody have any experience with this? I've been ingesting audit logs in to Splunk but I'm having a hard time getting useful data.