Download topic as PDF
Connect to your Azure Storage account with the Splunk Add-on for Microsoft Cloud Services
Connect the Splunk Add-on for Microsoft Cloud Services and your Azure Storage account so that you can ingest your Azure storage table, Azure storage blob and Azure virtual machine metrics data into the Splunk platform. You can configure this connection using Splunk Web on your data collection node as a best practice, or by using the configuration files.
Prerequisites
Before you complete these steps, follow the directions in Configure a Storage Account in Microsoft Cloud Services to prepare your Microsoft account for this integration.
When the Splunk Add-on for Microsoft Cloud Services is used in conjunction with Azure storage, the number of inodes available can fill up quickly, creating pointer files on your operating system for every single blob. This results in a file directory containing extremely large numbers of files, and potentially resulting in a "no space left on device" error.
Connect to your account using Splunk Web
Access Splunk Web on the node of your Splunk platform installation that collects data for this add-on.
- Open the add-on, then select Configuration.
- Select Azure Azure Storage Account and enter the corresponding fields using the Input parameter table.
There are three Account Secret Types that you can select to configure an Azure storage account: Access Key, Account Token, and None Secret.
- If you want to collect Azure storage table Azure virtual machine metrics data, you have to configure the account with the Access Key or Account Token.
- If you want to collect Azure storage blob data, you can use any of three types.
Connect to your account using configuration files
If you do not have access to Splunk Web on your data collection node, you can configure the connection to your account using the configuration files.
- Create or open $SPLUNK_HOME/etc/apps/Splunk_TA_microsoft-cloudservices/local/mscs_storage_accounts.conf.
- Add the following stanza:
[<account_stanza_name>] account_name = <value> account_secret = <value> account_secret_type = <value> account_class_type = <value>
Input parameters
Each attribute in the following table corresponds to a field in Splunk Web.
| Attribute | Corresponding field in Splunk Web | Description |
|---|---|---|
account_name
|
Account Name | The name for the storage account. Name cannot contain any whitespace. |
account_secret
|
Account Secret | You can enter the key or token generated when you Configure a Storage Account in Microsoft Cloud Service. |
account_secret_type
|
Access Key, Account Token or None Secret | If you set account_secret_type=0, it means the storage account use the None Secret type. You do not have to set Account Name and Account Secret. If you configure the inputs using a configuration file, you can leave account_name and account_secret blank.
If you set |
account_class_type
|
Account class type | Type of account class. The integer is either 1 or 2, 1 for Azure public cloud, and 2 for Azure government cloud.
|
This documentation applies to the following versions of Splunk® Supported Add-ons: released, released
Feedback submitted, thanks!