Getting Data In

Can I collect application logs from Azure to Splunk?

Koko12345678
Explorer

I already know that I can collect application logs into Azure application insight, and use a storage account streaming this data to event hub, but can splunk pull this data? if yes, how can I configure input in Splunk to do that.
If someone has a documentation about that it will be very helpful.

Tags (2)
0 Karma

larmesto
Path Finder

This might be helpful for anyone visiting; I have started working on an addon for Azure Event Hubs for Splunk, feel free to use it!
https://splunkbase.splunk.com/app/4343/

regards,

0 Karma

Paul1896
Path Finder

Hello larmesto,

is it possible to grab application logs which are stored in an azure event hub as well or only acitivity logs?

0 Karma

mayurr98
Super Champion

Hello

Yes, there are several apps and add-ons that are available to pull data from event hub.
have a look at this app:
https://splunkbase.splunk.com/app/3534/

Also,have a look at this detail documentation:
https://www.splunk.com/blog/2018/04/20/splunking-microsoft-azure-monitor-data-part-1-azure-setup.htm...

let me know if this helps!

0 Karma

saikiran334
Explorer

@Koko12345678, out of curiosity ,
Any how you have application logs in Azure for long term storage , and may i know why again you want to index this data from AZure to Splunk ?( any specific requirement )

0 Karma

Koko12345678
Explorer

I couldn't see anything that related to Azure application logs.
just activity log, diagnostic logs and metrics

0 Karma

mayurr98
Super Champion

well i meant that you can monitor event hub data. so it could be anything this app monitors event hub.If you send application logs to event hub add-on will get data from event hub. you can give it a try.

Another approach is using HTTP event collector.
https://github.com/Microsoft/AzureFunctionforSplunkVS
have a look at this link.
https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitor-stream-monitoring-data-eve...

0 Karma

Koko12345678
Explorer

to pull data from Event Hub you need also to configure input on the add-on side, this is why I'm asking if I can configure the add-on to also pull for application logs

0 Karma

mayurr98
Super Champion

I have never tried it. But I think Yes you can configure.you can give it a try

0 Karma

Koko12345678
Explorer

ok thanks

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...