All Apps and Add-ons

Can someone tell me if there is compatibility between the Splunk add on for Microsoft Cloud Services and Azure China?

hmaldonado_splu
Splunk Employee
Splunk Employee

Can someone tell me if there is compatibility between the Splunk add on for Microsoft Cloud Services and Azure China? I am not referring to the add on for Azure.

0 Karma

tarungupta0311
Explorer

To Pull China event Hub data, Splunk Add-on for Microsoft Cloud Services requires 2 changes:-
1st * Edit $SPLUNK_HOME/etc/apps/Splunk_TA_microsoft-cloudservices/bin/splunk_ta_mscs_rh_azureaccount.py
* Around line 88, we need to add a check for the Azure China region

if account_class_type == str(AccountClassType.GOVCLOUD_ACCOUNT):
self.cloud_environment = azure_cloud.AZURE_US_GOV_CLOUD
elif account_class_type == str(AccountClassType.CHINA_ACCOUNT):
self.cloud_environment = azure_cloud.CHINA_ACCOUNT
else:
self.cloud_environment = azure_cloud.AZURE_PUBLIC_CLOUD

2nd to map the event hubs $SPLUNK_HOME/etc/apps/Splunk_TA_microsoft-cloudservices/local
Create “mscs_azure_accounts.conf”

[ProvideName]
account_class_type = 3
client_id = ******
client_secret = ******
tenant_id = ******

0 Karma

reynoldsj2008
Engager

I would like to know if anyone has had any success using the latest "Splunk Add-on for Microsoft Cloud Services" and connecting into China Azure Tenants?

I have a test Tenant and Subscription in China and attempting to build connectivity to pull the "Activity logs" from the Subscription.

I understand the APIs etc. are different from the US vs China Azure accounts, but was wondering if someone has used the Microsoft Cloud Add-on to pull in events from China?

0 Karma

jconger
Splunk Employee
Splunk Employee

I don't have a China region to test, but documentation on which APIs are used by the add-on are available here -> http://docs.splunk.com/Documentation/AddOns/released/MSCloudServices/APIs Cross referencing those with what services are available in the region ( https://azure.microsoft.com/en-us/regions/services/ ), I do not see a reason it would not work.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...