Hi Team,
When I log in to the Azure portal and navigate to Azure Active Directory, under Monitoring, I need to ingest the Sign-ins logs into Splunk.
How can I ingest those logs into Splunk? Do we have any procedure or document to ingest those logs into Splunk? We already have the Splunk Add-on for Microsoft Cloud Services installed on our search head server.
So kindly help with the request.
Splunk changed some of the functionality of that app, and moved it to/improved this new version:
https://splunkbase.splunk.com/app/4055/
This gives you all of the Azure AD logins (and Exchange, SharePoint, OneDrive), etc.
I am using this app, and it's very effective.
Need to know one thing: does the Splunk heavy forwarder need to be installed on an Azure cloud VM, or do these send data to the search head?
Sorry to be late to this party. The app can be installed on a HF. The HF can be on-prem and will poll data from Azure. There is some Azure configuration required for the application to connect to your tenants.