All Apps and Add-ons

Can someone tell me if there is compatibility between the Splunk add on for Microsoft Cloud Services and Azure China?

hmaldonado_splu
Splunk Employee
Splunk Employee

Can someone tell me if there is compatibility between the Splunk add on for Microsoft Cloud Services and Azure China? I am not referring to the add on for Azure.

0 Karma

tarungupta0311
Explorer

To Pull China event Hub data, Splunk Add-on for Microsoft Cloud Services requires 2 changes:-
1st * Edit $SPLUNK_HOME/etc/apps/Splunk_TA_microsoft-cloudservices/bin/splunk_ta_mscs_rh_azureaccount.py
* Around line 88, we need to add a check for the Azure China region

if account_class_type == str(AccountClassType.GOVCLOUD_ACCOUNT):
self.cloud_environment = azure_cloud.AZURE_US_GOV_CLOUD
elif account_class_type == str(AccountClassType.CHINA_ACCOUNT):
self.cloud_environment = azure_cloud.CHINA_ACCOUNT
else:
self.cloud_environment = azure_cloud.AZURE_PUBLIC_CLOUD

2nd to map the event hubs $SPLUNK_HOME/etc/apps/Splunk_TA_microsoft-cloudservices/local
Create “mscs_azure_accounts.conf”

[ProvideName]
account_class_type = 3
client_id = ******
client_secret = ******
tenant_id = ******

0 Karma

reynoldsj2008
Engager

I would like to know if anyone has had any success using the latest "Splunk Add-on for Microsoft Cloud Services" and connecting into China Azure Tenants?

I have a test Tenant and Subscription in China and attempting to build connectivity to pull the "Activity logs" from the Subscription.

I understand the APIs etc. are different from the US vs China Azure accounts, but was wondering if someone has used the Microsoft Cloud Add-on to pull in events from China?

0 Karma

jconger
Splunk Employee
Splunk Employee

I don't have a China region to test, but documentation on which APIs are used by the add-on are available here -> http://docs.splunk.com/Documentation/AddOns/released/MSCloudServices/APIs Cross referencing those with what services are available in the region ( https://azure.microsoft.com/en-us/regions/services/ ), I do not see a reason it would not work.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...