
Upgrade the Splunk Add-on for Microsoft Cloud Services
The following migration guide is supported for upgrading from version 4.0.1 or later. Upgrading from any version older than 3.0.0 requires a fresh installation of version 4.0.1 or later.
Version 4.1.0 of the Splunk Add-on for Microsoft Cloud Services cannot be installed on the same Splunk platform instance as one that has the Microsoft Azure Add-on for Splunk installed.
A best practice for upgrading the Splunk Add-on for Microsoft Cloud Services is to remove your older version before re-installing version 4.0.1 or later of the Splunk Add-on for Microsoft Cloud Services.
- Verify that you are running version 8.0.0 or later of the Splunk software.
- (Optional) Plan your Splunk Enterprise upgrade to work with the Python 3 migration.
- Disable all your inputs before you upgrade the add-on. Otherwise you may see errors in the log files which may results data loss against your already configured inputs.
- If you have any apps or add-ons that use Splunk Add-on for Microsoft Cloud Services EventHub data formatting:
- Disable the EventHub inputs before upgrading.
- Upgrade those apps or add-ons to the latest version.
- Add
event_format_flags = 1
to the EventHub inputs. - Enable the EventHub inputs.
- Install the Splunk Add-on for Microsoft Cloud Services version 4.0.1 and later from the Splunk Web UI (make sure Upgrade App checkbox is selected).
- Restart the Splunk platform.
- Navigate to the input page of the Splunk Add-on for Microsoft Cloud Services. Alerts will appear, indicating incomplete account authorization.
- Edit each required input by clicking the click here link to navigate to the account configuration page or by directly navigating to the account configuration page.
- Complete the authorization of your account by adding your account secret key/account token.
- Repeat above steps for all inputs which have alert sign against them.
- Enable each desired input to start data collection.
- (Optional) To create new EventHub inputs, add
event_format_flags = 1
to the apps or add-ons that use Splunk Add-on for Microsoft Cloud Services EventHub data formatting.
In previous versions, settings including proxy, logging, and performance were stored in splunk_ta_o365_client_setting.conf
and splunk_ta_o365_server_setting.conf
. In version 3.0.0 and above of the Splunk Add-on for Microsoft Cloud Services, all setting and performance tuning configurations are in splunk_ta_mscs_setting.conf
. The default log level is INFO
.
Versions 3.0.0 and above of the Splunk Add-on for Microsoft Cloud Services removes the Microsoft Office 365 module. See the Splunk Add-on for Microsoft Office 365.
PREVIOUS Install the Splunk Add-on for Microsoft Cloud Services |
NEXT Migrate from the Splunk Add-on for Microsoft Azure |
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Feedback submitted, thanks!