Splunk® Supported Add-ons

Splunk Add-on for Microsoft Cloud Services

Configure Azure consumption (billing) inputs for the Splunk Add-on for Microsoft Cloud Services

Configure your inputs on the Splunk platform instance responsible for collecting data for this add-on, usually a heavy forwarder. You can configure inputs using Splunk Web, which is a best practice.

Prerequisites

Before you enable inputs, complete the following steps in the configuration process:

The Azure Consumption(Billing) input for the Splunk Add-on for Microsoft Cloud Services is not compatible with Azure Reservation Recommendation and Azure Billing and Consumption inputs in the Microsoft Azure Add-on for Splunk.

The Azure Consumption (Billing) input for the Usage Details data type collects data until one day prior to the current UTC time at every interval invocation.

Configure inputs using Splunk Web

Configure your inputs using Splunk Web on the Splunk platform instance responsible for collecting data for this add-on, usually a heavy forwarder.

  1. In the Splunk Add-on for Microsoft Cloud Services, select Inputs.
  2. Select Create New Input and then select Azure Consumption(Billing).
  3. Enter the Name, Azure App Account, Subscription ID, Data Type, Interval, Index, Sourcetype, Max days to query and Start Date using the information in the following Input parameters table.

Configure inputs using configuration files

Configure your inputs using the configuration files on the Splunk platform instance responsible for collecting data for this add-on, usually a heavy forwarder.

  1. In your Splunk platform deployment, navigate to $SPLUNK_HOME/etc/apps/Splunk_TA_microsoft-cloudservices/local.
  2. Create a file named inputs.conf, if it does not already exist.
  3. Add the following stanza for the consumption input:
      1. Input configuration for the Usage Details data type:

         [mscs_azure_consumption://<input_stanza_name>]
         account = <value>
         data_type = Usage Details
         index = <value>
         interval = 86400
         query_days = <value>
         sourcetype = mscs:consumption:billing
         start_date = <value>
         subscription_id = <value>

      2. Input configuration for the Reservation Recommendation data type:

         [mscs_azure_consumption://<input_stanza_name>]
         account = <value>
         data_type = Reservation Recommendation
         index = <value>
         interval = 86400
         sourcetype = mscs:consumption:reservation:recommendation
         subscription_id = <value>

  4. Save and restart the Splunk platform.

Input parameters

Each attribute in the following table corresponds to a field in Splunk Web:

| Attribute | Corresponding field in Splunk Web | Description |
| --- | --- | --- |
| input_stanza_name | Name | A friendly name for your input. Name cannot contain any whitespace. |
| account | Azure Account | The Azure App account from which you want to collect data. Name cannot contain any whitespace. |
| subscription_id | Subscription ID | The Azure Subscription ID. |
| data_type | Data Type | The data type to collect. Usage Details: to collect usage details data. Reservation Recommendation: to collect reservation recommendation data. The default is Usage Details. |
| interval | Interval | The number of seconds to wait before the Splunk platform runs the command again. The default is 86400 seconds. |
| index | Index | The index in which to store Azure Consumption data. |
| sourcetype | Sourcetype | Select the sourcetype that corresponds to the configured data type. Usage Details: mscs:consumption:billing. Reservation Recommendation: mscs:consumption:reservation:recommendation. The default is mscs:consumption:billing. |
| query_days | Max days to query | The maximum number of days to query. The default is 10 days. Only visible and applicable when the data type is Usage Details. When the Usage Details data type is selected, a start date is calculated for the Usage Details API query each time this input runs. The end date for the query is calculated as the start date plus the number of days specified by this parameter. For example, if the calculated start date is 2022-01-01T00:00:00 (midnight on January 1, 2022) and Max days to query is 10 days, the end date for the query is 2022-01-11T00:00:00. |
| start_date | Start Date | Select a start date to specify how far back to go when initially collecting data. The default is 90 days in the past. Only visible and applicable when the data type is Usage Details. |
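
The following linter is an added example, not part of the add-on or of the original documentation: it applies the rules from the Input parameters table to the consumption stanzas of an inputs.conf so that mismatches are caught before the Splunk platform is restarted. The function name lint_inputs and every value in the sample stanza are assumptions made for illustration.

```python
import configparser

# Data type -> sourcetype pairs from the Input parameters table.
SOURCETYPES = {
    "Usage Details": "mscs:consumption:billing",
    "Reservation Recommendation": "mscs:consumption:reservation:recommendation",
}
PREFIX = "mscs_azure_consumption://"

def lint_inputs(conf_text):
    """Return sorted (input_name, problem) pairs for consumption stanzas."""
    parser = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    parser.read_string(conf_text)
    found = set()
    for stanza in (s for s in parser.sections() if s.startswith(PREFIX)):
        cfg, name = parser[stanza], stanza[len(PREFIX):]
        for key in ("account", "subscription_id", "index"):
            if not cfg.get(key):
                found.add((name, f"{key} is missing"))
        if not name or any(c.isspace() for c in name + cfg.get("account", "")):
            found.add((name, "name or account contains whitespace"))
        for key in ("interval", "query_days"):  # seconds and days, per the table
            if key in cfg and not (cfg[key].isdigit() and int(cfg[key]) > 0):
                found.add((name, f"{key} must be a positive integer"))
        data_type = cfg.get("data_type", "Usage Details")  # documented default
        expected = SOURCETYPES.get(data_type)
        if expected is None:
            found.add((name, "data_type is not a documented value"))
        elif cfg.get("sourcetype", SOURCETYPES["Usage Details"]) != expected:
            found.add((name, "sourcetype does not match data_type"))
        if data_type == "Reservation Recommendation":
            for key in ("query_days", "start_date"):
                if key in cfg:
                    found.add((name, f"{key} only applies to Usage Details"))
    return sorted(found)

# Constructed sample: input name, account, index and subscription ID are made up.
SAMPLE = """
[mscs_azure_consumption://reservations prod]
account = azure_app
data_type = Reservation Recommendation
index = azure_billing
query_days = 10
sourcetype = mscs:consumption:billing
subscription_id = 00000000-0000-0000-0000-000000000000
"""

if __name__ == "__main__":
    print(*lint_inputs(SAMPLE), sep="\n")
```
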

Last modified on 05 February, 2024

This documentation applies to the following versions of Splunk® Supported Add-ons: released

