Splunk® Supported Add-ons

Splunk Add-on for Microsoft Cloud Services

Configure Azure Resource Modular inputs for the Splunk Add-on for Microsoft Cloud Services

Prerequisites: Before you enable inputs, complete the previous steps in the configuration process:

Configure your inputs on the Splunk platform instance responsible for collecting data for this add-on, usually a heavy forwarder. You can configure inputs using Splunk Web, which is a best practice, or by using the configuration files.

Configure inputs using Splunk Web

Configure your inputs using Splunk Web on the Splunk platform instance responsible for collecting data for this add-on, usually a heavy forwarder.

  1. In the Splunk Add-on for Microsoft Cloud Services, click Inputs.
  2. Click Create New Input and then select Azure Resource.
  3. Fill out the Name, Azure App Account, Subscription ID, Resource Type, Resource Group List, Interval and Index fields using the input parameter table below.
  4. Click Add.

Configure inputs using configuration files

Configure your inputs using the configuration files on the Splunk platform instance responsible for collecting data for this add-on, usually a heavy forwarder.

  1. Create a file called mscs_azure_resource_inputs.conf under $SPLUNK_HOME/etc/apps/Splunk_TA_microsoft-cloudservices/local.
  2. Add the following stanza:
    [<input_stanza_name>]
    account = <value>
    subscription_id = <value>
    resource_type = <value>
    resource_group_list = <value>
    index = <value>
    interval = <value>

  3. Save the file and restart the Splunk platform.

Input Parameters

| Attributes | Corresponding Fields in Splunk Web | Description |
|---|---|---|
| input_stanza_name | Name | A friendly name for your input. |
| account | Azure App Account | The Azure App account from which you want to gather data. |
| subscription_id | Subscription ID | The instance queries the management events that belong to this subscription. The subscription ID is the one you configured in your Microsoft account. |
| resource_type | Resource Type | In Splunk Web, choose from Virtual Machine, Public IP Address, Network Interface Card and Virtual Network. In the configuration file, set resource_type to virtual_machine, public_ip_address, network_interface_card or virtual_network. |
| resource_group_list | Resource Group List | The resource group list is defined by subscription ID and resource type. If you leave this field blank, this add-on queries all resource lists under the subscription ID and the resource type you choose. You can add multiple resource group lists, separated by commas. |
| interval | Interval | The number of seconds to wait before the Splunk platform runs the command again. The default is 3600 seconds. |
| index | Index | The index in which the Microsoft cloud services data should be stored. |
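
The following check is an added example, not part of the add-on or of the Splunk documentation. It validates the stanzas of mscs_azure_resource_inputs.conf against the parameters described above. The sample stanzas are constructed, and two things are assumptions: that account, subscription_id, resource_type and index are required, and that the file can be parsed as plain INI with Python's configparser.

```python
import configparser
import re

# resource_type values the page lists for the configuration file.
RESOURCE_TYPES = {"virtual_machine", "public_ip_address",
                  "network_interface_card", "virtual_network"}
REQUIRED = ("account", "subscription_id", "resource_type", "index")  # assumption
GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)  # Azure subscription IDs are GUIDs

# Constructed sample: one well-formed stanza, one with three problems.
SAMPLE = """
[vm_prod]
account = azure_app_1
subscription_id = 00000000-0000-0000-0000-000000000000
resource_type = virtual_machine
resource_group_list = rg-prod-a,rg-prod-b
index = azure
[nic_all]
account = azure_app_1
subscription_id = not-a-guid
resource_type = network_interface
resource_group_list =
index = azure
"""

def check_inputs(conf_text):
    """Return (stanza, level, message) findings for the given conf text."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    findings = []
    for name in cp.sections():
        s = {k: v.strip() for k, v in cp[name].items()}
        for key in REQUIRED:
            if not s.get(key):
                findings.append((name, "error", f"{key} is missing or empty"))
        if s.get("subscription_id") and not GUID.match(s["subscription_id"]):
            findings.append((name, "error", "subscription_id is not a GUID"))
        if s.get("resource_type") and s["resource_type"] not in RESOURCE_TYPES:
            findings.append((name, "error", f"unknown resource_type {s['resource_type']!r}"))
        interval = s.get("interval", "3600")  # page default: 3600 seconds
        if not interval.isdigit() or int(interval) == 0:
            findings.append((name, "error", "interval must be a positive number of seconds"))
        if not s.get("resource_group_list"):
            findings.append((name, "warn", "resource_group_list is blank: queries all groups"))
    return findings

if __name__ == "__main__":
    for finding in check_inputs(SAMPLE):
        print(*finding, sep=" | ")
```

The warning on a blank resource_group_list is there so that an input collecting from every resource group under the subscription is a deliberate choice rather than an omission.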

This documentation applies to the following versions of Splunk® Supported Add-ons: released
