Splunk® Supported Add-ons

Splunk Add-on for Microsoft Cloud Services

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Source types for the Splunk Add-on for Microsoft Cloud Services

The Splunk Add-on for Microsoft Cloud Services provides the index-time and search-time knowledge for Microsoft Cloud Services data in the following formats:

The ms:o365:management source type is for backward compatibility. A similar source type, o365:management:activity, is in the Splunk Add-on for Microsoft Office 365.

Data source Source type Event type API CIM data models ITSI data models Notes
Azure Event Hubs mscs:azure:eventhub n/a Microsoft Azure Event Hubs Client Library for Python n/a n/a
Azure Event Hubs mscs:azure:security:alert n/a Microsoft Azure Event Hubs Client Library for Python Alerts n/a
Azure Event Hubs mscs:azure:security:recommendation n/a Microsoft Azure Event Hubs Client Library for Python Alerts n/a
Azure Event Hubs azure:monitor:aad mscs_audit_auth_account_management,

mscs_audit_auth_all_changes, mscs_audit_auth_authentication, mscs_audit_auth_alerts, mscs_azure_aad_auditlogs, mscs_azure_aad_signinlogs, mscs_azure_aad_provisionlogs, mscs_azure_aad_userlogs

Microsoft Azure Event Hubs Client Library for Python Alerts, Authentication, Change n/a
Azure Event Hubs azure:monitor:resource n/a Microsoft Azure Event Hubs Client Library for Python Change, Databases

DataAccess

n/a
Azure Event Hubs azure:monitor:activity mscs_azure_activity_all_changes,

mscs_azure_activity_instance_changes, mscs_azure_activity_administrative_logs

Microsoft Azure Event Hubs Client Library for Python Change n/a
Azure Resource virtualMachine mscs:resource:virtualMachine mscs_inventory_vm Azure Virtual Machines REST — List
Azure Virtual Machines REST — Get VM information 		n/a Inventory
Azure Resource network
InterfaceCard 		mscs:resource:networkInterfaceCard mscs_inventory_vm Azure Network REST — List network interface cards n/a Inventory
Azure Resource public
IPAddress 		mscs:resource:publicIPAddress n/a Azure Network REST — List public IP addresses n/a n/a
Resource virtualNetwork mscs:resource:virtualNetwork n/a Azure Network REST — List virtual networks n/a n/a
Azure Resource Disk mscs:resource:disk mscs_azure_resource_disk n/a Inventory, Storage n/a
Azure Resource Image mscs:resource:image mscs_azure_resource_image n/a Inventory, Virtual n/a
Azure Resource Snapshot mscs:resource:snapshot mscs_azure_resource_snapshot n/a Inventory, Virtual, Snapshot n/a
Azure Resource Group mscs:resource:resourceGroup mscs_azure_resource_resourceGroup n/a Inventory n/a
Azure Resource Subscription mscs:resource:subscriptions mscs_azure_resource_subscriptions n/a Inventory n/a
Azure Resource SecurityGroup mscs:resource:securityGroup mscs_azure_resource_securityGroup n/a Inventory n/a
Azure Audit log mscs:azure:audit n/a Azure Insights — List events for an Azure subscription Alerts, Change n/a
Azure Storage Table mscs:storage:table n/a Azure SDK for Python n/a n/a
Azure Storage Blob mscs:storage:blob n/a Azure SDK for Python n/a n/a
Azure Storage Blob mscs:storage:blob:json n/a Azure SDK for Python — Storage Table query_
entities 		n/a n/a When selected in the input, XML and JSON fields for the mscs:storage:blob:xml and mscs:storage:blob:json source types are automatically extracted. You can configure the settings for these source types in their respective stanzas in your local props.conf file.
Azure Storage Blob mscs:storage:blob:xml n/a Azure SDK for Python — Storage Table query_
entities 		n/a n/a When selected in the input, XML and JSON fields for the mscs:storage:blob:xml and mscs:storage:blob:json source types are automatically extracted. You can configure the settings for these source types in their respective stanzas in your local props.conf file.
Virtual Machine Metrics mscs:vm:metrics mscs_perf_vm_cpu Azure SDK for Python — Storage Table query_
entities 		n/a Performance
Azure Metrics mscs:metrics n/a n/a n/a n/a
Azure Metrics mscs:metrics:events n/a n/a n/a n/a
Azure KQL Log Analytics mscs:kql n/a n/a n/a n/a
Azure KQL Log Analytics mscs:kql:stats n/a n/a n/a n/a
Azure Consumption(Billing) mscs:consumption:billing n/a n/a n/a n/a
Azure Consumption(Billing) mscs:consumption:reservation:recommendation n/a n/a n/a n/a
Last modified on 25 May, 2023
PREVIOUS
Splunk Add-on for Microsoft Cloud Services 		  NEXT
Release notes for the Splunk Add-on for Microsoft Cloud Services

This documentation applies to the following versions of Splunk® Supported Add-ons: released

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters