Splunk® Supported Add-ons

Splunk Add-on for Microsoft Cloud Services

Download manual as PDF

Download topic as PDF

Release notes for the Splunk Add-on for Microsoft Cloud Services

Version 3.1.0 of the Splunk Add-on for Microsoft Cloud Services was released on April 8, 2019.

Compatibility

Version 3.1.0 of the Splunk Add-on for Microsoft Cloud Services is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 6.6,x, 7.0.x, 7.1.x, 7.2.x, 7.3.x
CIM version 4.12
Supported OS for data collection Platform independent
Vendor Products Azure Active Directory, Azure Storage Table, Azure Storage Blob, Azure Audit, and other cloud services

Upgrade

The following migration guide is supported for upgrading from version 3.0.0 to version 3.1.0. Upgrading from any version older than 3.0.0 requires a fresh installation of version 3.0.0.

A best practice for upgrading the Splunk Add-on for Microsoft Cloud Services is to remove your older version before re-installing version 3.0.0 of the Splunk Add-on for Microsoft Cloud Services.

  1. Disable all your inputs before you upgrade the add-on. Otherwise you may see errors in the log files which may results data loss against your already configured inputs.
  2. Install the Splunk Add-on for Microsoft Cloud Services version 3.1.0 from the Splunk Web UI (make sure Upgrade App checkbox is selected).
  3. Restart the Splunk platform.
  4. Navigate to the input page of the Splunk Add-on for Microsoft Cloud Service. Alerts will appear, indicating incomplete account authorization.
  5. Edit each required input by clicking the click here link to navigate to the account configuration page or by directly navigating to the account configuration page.
  6. Complete the authorization of your account by adding your account secret key/account token.
  7. Repeat above steps for all inputs which have alert sign against them.
  8. Enable each desired input to start data collection.

In previous versions, settings including proxy, logging, and performance were stored in splunk_ta_o365_client_setting.conf and splunk_ta_o365_server_setting.conf. In version 3.0.0 and above of the Splunk Add-on for Microsoft Cloud Services, all setting and performance tuning configurations are in splunk_ta_mscs_setting.conf. The default log level is INFO.

Versions 3.0.0 and above of the Splunk Add-on for Microsoft Cloud Services removes the Microsoft 0ffice 365 module. See the Splunk Add-on for Microsoft 0ffice 365.

New Features

Version 3.1.0 of the Splunk Add-on for Microsoft Cloud Services has the following new features:

  • Credential validation of Account Name and Account secret key on Account configuration page.

Fixed issues

Version 3.1.0 of the Splunk Add-on for Microsoft Cloud Services fixes the following issues:

Date resolved Issue number Description
2019-02-08 ADDON-20248 Getting ERROR "No handlers could be found for logger" in splunkd.log file after installation of MSCS Add-On

Known issues

Version 3.1.0 of the Splunk Add-on for Microsoft Cloud Services contains the following new known issues. If no issues appear below, no issues have yet been reported:

Date filed Issue number Description
2019-02-27 ADDON-21430 Enable/Disable functionality not working when Input name contains special characters.

Third-party software attributions

Version 3.1.0 of the Splunk Add-on for Microsoft Cloud Services incorporates the following third-party software or libraries.

PREVIOUS
Source types for the Splunk Add-on for Microsoft Cloud Services
  NEXT
Release history for the Splunk Add-on for Microsoft Cloud Service

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Comments

This is listed under Fixed issues and Known issues.
ADDON-15540 Not Receiving MSCS data

Dfronck
June 14, 2018

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters