Splunk® Supported Add-ons

Splunk Add-on for Microsoft Cloud Services

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Configure Azure Metrics inputs for the Splunk Add-on for Microsoft Cloud Services

Configure your inputs on the Splunk platform instance responsible for collecting data for this add-on, usually a heavy forwarder. You can configure inputs using Splunk Web, which is a best practice.

Prerequisites

Complete the following steps in the configuration process:

  1. Configure an Active Directory Application in Azure Active Directory for the Splunk Add-on for Microsoft Cloud Services, if you have not already done so.
  2. Connect to your Azure App Account with Splunk Add-on for Microsoft Cloud Services, if you have not already done so.
  3. Create an Azure App Account in the Splunk Add-on for Microsoft Cloud Services.
  4. Azure Metrics input provides support for the metric index. See Create metric indexes to create a metrics index.

The Azure Metrics input for the Splunk Add-on for Microsoft Cloud Services is not compatible with the Metrics input in the Microsoft Azure Add-on for Splunk.

Configure inputs using Splunk Web

Configure your inputs using Splunk Web on the Splunk platform instance responsible for collecting data for this add-on, usually a heavy forwarder.

  1. In the Splunk Add-on for Microsoft Cloud Services, select Inputs.
  2. Select Create New Input and then select Azure Metrics.
  3. Enter the Name, Azure App Account, Subscription IDs, Namespaces, Metric Statistics, Preferred Time Aggregation, Interval, Use Metric Index?, Index, Sourcetype, and Number of Threads using the information in the following Input parameters table.

Configure inputs using configuration files

Configure your inputs using the configuration files on the Splunk platform instance responsible for collecting data for this add-on, usually a heavy forwarder.

  1. In your Splunk platform deployment, navigate to $SPLUNK_HOME/etc/apps/Splunk_TA_microsoft-cloudservices/local.
  2. Create a file named inputs.conf , if it does not already exist.
  3. Add the following stanza for Azure Metrics input:
      1. Input configuration for event index
    [mscs_azure_metrics://<input_stanza_name>]
account = <value>
index = <value>
interval = <value>
metric_index_flag = no
metric_statistics = <value>
namespaces = <value>
number_of_threads = <value>
preferred_time_aggregation = <value>
sourcetype = mscs:metrics:events
subscription_id = <value>
      1. Input configuration for metrics index
    [mscs_azure_metrics://<input_stanza_name>]
account = <value>
index = <value>
interval = <value>
metric_index_flag = yes
metric_statistics = <value>
namespaces = <value>
number_of_threads = <value>
preferred_time_aggregation = <value>
sourcetype = mscs:metrics
subscription_id = <value>
  4. Save and restart the Splunk platform.

Input parameters

Each attribute in the following table corresponds to a field in Splunk Web.

Attribute Corresponding field in Splunk Web Description
input_stanza_name Name A friendly name for your input. . Input name cannot contain any whitespace.
account Azure Account The Azure App account from which you want to collect data. Account name cannot contain any whitespace.
subscription_id Subscription IDs The Azure Subscription containing the resources to query metrics.

Comma-separated list of subscriptions.

namespaces Namespaces Comma-separated list of metric namespaces to query. Refer to section 'Supported metrics with Azure Monitor' in microsoft document for list of available metrics namespaces.

Example: Microsoft.Compute/virtualMachines

metric_statistics Metric Statistics The type of statistic to gather. Valid options are average, minimum, maximum, total, and count
preferred_time_aggregation Preferred Time Aggregation The preferred aggregation type. If the preferred time period is not available for a specific metric in the namespace, the next available time grain will be used.

Valid options are PT1M, PT5M, PT15M, PT30M, PT1H, PT6H, PT12H, and P1D.

interval Interval The number of seconds to wait before the Splunk platform runs the command again. The default is 300 seconds.
metric_index_flag Use Metric Index? Use Metrix Index is for using metric index or event index. The default is yes (using metric index).
index Index The index that stores Azure Metrics data. It can be metrics, indexes, or events indexes based on the metric_index_flag value.
sourcetype Sourcetype The sourcetype to use for this input.

If metric index the sourcetype value is mscs:metrics If event index the sourcetype value is mscs:metrics:events

number_of_threads Number of Threads The number of threads used to collect metric data in parallel. The default value is 5.
Last modified on 27 September, 2023
PREVIOUS
Configure Advanced settings in Splunk Add-on for Microsoft Cloud Services 		  NEXT
Configure Azure consumption (billing) inputs for the Splunk Add-on for Microsoft Cloud Services

This documentation applies to the following versions of Splunk® Supported Add-ons: released

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters