
Upgrade the Splunk Add-on for Microsoft Cloud Services
The following migration guide is required for upgrading from version 4.0.1 or later. Upgrading from any version older than 3.0.0 requires a fresh installation of version 4.0.1 or later.
After upgrading to version 5.0.0 or later of this add-on, you might observe a rise in the usage of memory and CPU resources within your deployment.
Version 4.1.0 of the Splunk Add-on for Microsoft Cloud Services cannot be installed on the same Splunk platform instance as one that has the Microsoft Azure Add-on for Splunk installed.
A best practice for upgrading the Splunk Add-on for Microsoft Cloud Services is to remove your older version before re-installing version 4.0.1 or later of the Splunk Add-on for Microsoft Cloud Services.
Standard Upgrade Guide
- Verify that you are running version 8.0.0 or later of the Splunk software.
- (Optional) Plan your Splunk Enterprise upgrade to work with the Python 3 migration.
- Disable all your inputs before you upgrade the add-on. Otherwise, you might see errors in the log files, resulting in data loss against your already configured inputs.
- Upgrade the Splunk Add-on for Microsoft Cloud Services to the required version and follow the version-specific upgrade guide.
- Navigate to the input page of the Splunk Add-on for Microsoft Cloud Services. Alerts will appear, indicating incomplete account authorization.
- Edit each required input by clicking the click here link to navigate to the account configuration page or by directly navigating to the account configuration page.
- Complete the authorization of your account by adding your account secret key/account token.
- Repeat the above steps for all inputs with alert signs against them.
- Enable each desired input to start data collection. Enable Storage Blob inputs in small batches.
Upgrade to version 5.0.0 or later
- Follow the Standard Upgrade Guide
- After enabling the Storage Blob inputs, wait for the completion of file-based checkpoint to KV Store migration by following the successful migration notification in the Splunk Messages.
- Once all Storage Blob inputs are successfully migrated from file-based checkpoint to KV Store checkpoint and the environment is stable, then enable the Allow Storage Blob Deletion option in the Configuration -> Advanced tab to start the deletion of checkpoint files. It will delete the files gradually in the subsequent input executions.
- Check the successful deletion of files for inputs in the logs using the below search query.
search index=_internal source=*storage_blob* "Checkpoint has been migrated to KVstore"
Upgrade to version 4.4.0 or later
- If Eventhub inputs were configured using a version earlier than 4.4.0 and any third-party apps that use Event Hub data formatting should follow the below-mentioned steps:
- Before upgrading disable the Event Hub inputs.
- Upgrade the TA to the latest version.
- For the event hub inputs add
event_format_flags = 1
- Enable the Event Hub inputs.
- While creating a new Event Hub input, add
event_format_flags = 1
for the Apps which are dependent on the EventHub data formatting.
Upgrade to version 4.0.1 or later from any version older than 3.0.0
- Install the Splunk Add-on for Microsoft Cloud Services version 4.0.1 and later from the Splunk Web UI (make sure Upgrade App checkbox is selected).
- Restart the Splunk platform.
- Navigate to the input page of the Splunk Add-on for Microsoft Cloud Services. Alerts will appear, indicating incomplete account authorization.
- Edit each required input by clicking the click here link to navigate to the account configuration page or by directly navigating to the account configuration page.
- Complete the authorization of your account by adding your account secret key/account token.
- Repeat the above steps for all inputs with alert signs against them.
In previous versions, settings including proxy, logging, and performance were stored in splunk_ta_o365_client_setting.conf
and splunk_ta_o365_server_setting.conf
. In version 3.0.0 and above of the Splunk Add-on for Microsoft Cloud Services, all setting and performance tuning configurations are in splunk_ta_mscs_setting.conf
. The default log level is INFO
.
Versions 3.0.0 and above of the Splunk Add-on for Microsoft Cloud Services removes the Microsoft Office 365 module. See the Splunk Add-on for Microsoft Office 365.
PREVIOUS Install the Splunk Add-on for Microsoft Cloud Services |
NEXT Migrate from the Splunk Add-on for Microsoft Azure |
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Feedback submitted, thanks!