Splunk Add-on for Microsoft Cloud Services: Are th...

briancameron · ‎05-03-2018

Do we know if the Microsoft account you need to setup requires a full Enterprise E3 license or Enterprise mobility EMS or if there are any other licensing issues/concerns to be aware of when installing?

briancameron · ‎05-21-2018

I have been trying to follow this blog which explains how to go through this process of setting up for audit logs:
https://www.splunk.com/blog/2017/07/27/splunking-microsoft-cloud-data-part-1.html

Step #13 states you need to setup an Azure subscription role. However, with my current Microsoft subscription level (Access to Azure Active Directory) does not provide an option to configure roles. When I try to put the Client ID, Secret, and Tenant ID I get an error message that says "REST ERROR[1021]: Fail to decrypt the encrypted credential information - Failed to get credentials".

Do I need to upgrade my account so I can setup the Azure subscription role? Or is there another way to work around this issue? I am hopeful since the previous answer suggested there are no license requirements.

jconger · ‎05-03-2018

There are no special license requirements to use the Splunk Add-on for Microsoft Cloud Services. You can even use the add-on with plain Pay-as-you-go subscriptions or free trial subscriptions.

Splunk Add-on for Microsoft Cloud Services: Are there any Microsoft Account License Requirements?

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes