Splunk® Supported Add-ons

Splunk Add-on for Microsoft Cloud Services

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Configure Azure Virtual Machine metrics modular input for Splunk Add-on for Microsoft Cloud Services

Configure your inputs on the Splunk platform instance responsible for collecting data for this add-on, usually a heavy forwarder. You can configure inputs using Splunk Web as a best practice, or by using configuration files.

Prerequisites

Before you enable inputs, complete the previous steps in the configuration process:

Configure inputs using Splunk Web

Configure your inputs using Splunk Web on the Splunk platform instance responsible for collecting data for this add-on, usually a heavy forwarder. You cannot configure Table List, Interval, or Sourcetype using Splunk Web.

  1. In the Splunk Add-on for Microsoft Cloud Services, select Inputs.
  2. Select Create New Input and select Azure Storage Table.
  3. Select Input type as Virtual Machine Metrics and type the Name, Storage Account, Start Time and Index using the Input parameters.
  4. Select Add.

Configure inputs using configuration file

  1. Create a file called inputs.conf under $SPLUNK_HOME/etc/apps/Splunk_TA_microsoft-cloudservices/local.
  2. Configure Azure virtual machine metrics inputs with the following stanza: 
    [mscs_storage_table://<input_name>]          
account = <value>
storage_table_type = vm_metrics         
table_list = WADMetricsPT1M*   
start_time = <value>
index = <value>  
collection_interval = 60  
sourcetype = mscs:vm:metrics
  3. Save and restart Splunk platform.

Input parameters

Attribute Corresponding field in Splunk Web Description
mscs_storage_table://<input_name> Name A friendly name for your input. Name cannot contain any whitespace.
account Azure Storage Account Choose a Storage Account you have configured. Account name cannot contain any whitespace.
table_list Table List Enter a table list name under the storage account. You cannot change the Table List name in Splunk Web, which is WADMetricsPT1M*.

The best practice is to keep the default value WASMetricsPT1M* in the table list.

start_time Start Time The add-on starts collecting data with a date later than this time. The format is YYYY-MM-DDThh:mm:ssTZD and the default is 30 days before the configuration, e.g. 2016-07-15T09:00:00+08:00 stands for fetching data from 2016-07-15 09:00:00 in UTC+8 time zone.
collection_interval Interval The number of seconds to wait before the Splunk platform runs the command again. The default is 60 seconds, and you cannot change this interval in Splunk Web. If you want to change the interval time, you have to configure it using the configuration file.

If you want to use ITSI data models, the best practice is to set the interval to 60 seconds.

index Index The index in which to store Azure Storage Table data.
sourcetype Sourcetype The default is mscs:vm:metrics. You cannot change the sourcetype in Splunk Web. If you want to change the sourcetype, you have to configure it using the configuration file.
storage_table_type Input Type, with Virtual Machine Metrics as the selection value. Choose data input as Virtual Machine Metrics.
Last modified on 05 February, 2024
PREVIOUS
Configure Azure Storage Blob modular inputs for the Splunk Add-on for Microsoft Cloud Services 		  NEXT
Configure Office 365 Management APIs inputs for the Splunk Add-on for Microsoft Cloud Services

This documentation applies to the following versions of Splunk® Supported Add-ons: released, released

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters