Microsoft Azure Active Directory reporting Add-on ...

jnowotny · ‎10-17-2017

If we elect to install this add-on to only a search head, how is the data collected? We have everything configured per the Details tab but no luck in displaying any results in Search.

jnowotny · ‎10-17-2017

Turns out in the Inputs configuration we were unable to query further back in time than the default of 24 hours and 7 days for Sign-Ins and Audits respectively.

diomanz · ‎10-31-2017

I have configured Microsoft Azure Active Directory reporting Add-on for Splunk by creating two inputs
1. Add Microsoft Azure Active Directory Sign-ins
2. Add Microsoft Azure Active Directory Audit
3. configure Client ID and secret on configuration tab.
All done on search head.
We are getting sign-in data but we are not getting AD audit data
Environment: Splunk cloud

Prior to configuring the above app I configured Splunk Add-on for Microsoft Cloud Services and used the same Azure Tenant ID

Microsoft Azure Active Directory reporting Add-on for Splunk: How is the data collected if this is installed on the search head?

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!