I have configured Microsoft Azure Active Directory reporting Add-on for Splunk by creating two inputs
1. Add Microsoft Azure Active Directory Sign-ins
2. Add Microsoft Azure Active Directory Audit
3. configure Client ID and secret on configuration tab.
All done on search head.
We are getting sign-in data but we are not getting AD audit data
Environment: Splunk cloud
Prior to configuring the above app I configured Splunk Add-on for Microsoft Cloud Services and used the same Azure Tenant ID
... View more