
Has anyone successfully configured Splunk Add-on for Microsoft Cloudservices Azure Audit?

jsantosoptum
New Member

I have tried creating inputs for both:
Azure Audit
Azure Resource

I also created the required Azure App Account that is referenced when creating the input. The Azure App Account was created with the required Client ID, Key (Client Secret), and Tenant ID.

I have also created Data Inputs by selecting my specific Splunk Add-on, such as Microsoft Cloudservice Azure Audit, which can be found by going to Settings > Data Inputs > Splunk Add-on for Microsoft Cloudservice Azure Audit, and nothing has worked to get data into my index.

According to the Splunk docs, Azure Audit is to be used when trying to pull data from Azure applications that use Azure Application Insights.

Can anyone tell me if they have this working and if so what was configured? All of my Splunk configurations were done through the GUI.

0 Karma

jconger
Splunk Employee

This blog post details all the necessary steps to enable the Audit input -> https://www.splunk.com/blog/2017/07/27/splunking-microsoft-cloud-data-part-1.html

Here is a handy search to help troubleshoot:

index=_internal source=*cloudservices* error
0 Karma

jsantosoptum
New Member

Thanks Maciep. I opened a ticket with Azure support and will be with them online today troubleshooting this issue. I will post the information provided today if it gets things working.

Thanks for the video!

0 Karma

maciep
Champion

Not sure about getting your config to work (we struggle with o365 connection/input with that add-on). But my understanding is that the plan for now at least (ms always seems to be changing it), is to send everything to Azure Monitor. Maybe that's not the case for your data?

But they do have a TA specifically for Azure Monitor now. We struggled getting that add-on to work as well, but the developer was very responsive and helped us through installing/configuring it.

Azure Monitor Add-on For Splunk

And here is their session at .conf this year:

Monitor and Manage Your Cloud Environment with Azure Monitor and Splunk

0 Karma