Splunk® Supported Add-ons

Splunk Add-on for Microsoft Cloud Services

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Upgrade the Splunk Add-on for Microsoft Cloud Services

The following migration guide is supported for upgrading from version 4.0.1 or later. Upgrading from any version older than 3.0.0 requires a fresh installation of version 4.0.1 or later.

Version 4.1.0 of the Splunk Add-on for Microsoft Cloud Services cannot be installed on the same Splunk platform instance as one that has the Microsoft Azure Add-on for Splunk installed.

A best practice for upgrading the Splunk Add-on for Microsoft Cloud Services is to remove your older version before re-installing version 4.0.1 or later of the Splunk Add-on for Microsoft Cloud Services.

  1. Verify that you are running version 8.0.0 or later of the Splunk software.
  2. (Optional) Plan your Splunk Enterprise upgrade to work with the Python 3 migration.
  3. Disable all your inputs before you upgrade the add-on. Otherwise you may see errors in the log files which may results data loss against your already configured inputs.
  4. If you have any apps or add-ons that use Splunk Add-on for Microsoft Cloud Services EventHub data formatting:
    1. Disable the EventHub inputs before upgrading.
    2. Upgrade those apps or add-ons to the latest version.
    3. Add event_format_flags = 1 to the EventHub inputs.
    4. Enable the EventHub inputs.
  5. Install the Splunk Add-on for Microsoft Cloud Services version 4.0.1 and later from the Splunk Web UI (make sure Upgrade App checkbox is selected).
  6. Restart the Splunk platform.
  7. Navigate to the input page of the Splunk Add-on for Microsoft Cloud Services. Alerts will appear, indicating incomplete account authorization.
  8. Edit each required input by clicking the click here link to navigate to the account configuration page or by directly navigating to the account configuration page.
  9. Complete the authorization of your account by adding your account secret key/account token.
  10. Repeat above steps for all inputs which have alert sign against them.
  11. Enable each desired input to start data collection.
  12. (Optional) To create new EventHub inputs, add event_format_flags = 1 to the apps or add-ons that use Splunk Add-on for Microsoft Cloud Services EventHub data formatting.

In previous versions, settings including proxy, logging, and performance were stored in splunk_ta_o365_client_setting.conf and splunk_ta_o365_server_setting.conf. In version 3.0.0 and above of the Splunk Add-on for Microsoft Cloud Services, all setting and performance tuning configurations are in splunk_ta_mscs_setting.conf. The default log level is INFO.

Versions 3.0.0 and above of the Splunk Add-on for Microsoft Cloud Services removes the Microsoft Office 365 module. See the Splunk Add-on for Microsoft Office 365.

Last modified on 12 August, 2022
PREVIOUS
Install the Splunk Add-on for Microsoft Cloud Services 		  NEXT
Migrate from the Splunk Add-on for Microsoft Azure

This documentation applies to the following versions of Splunk® Supported Add-ons: released

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters