Splunk® Supported Add-ons

Splunk Add-on for Microsoft Cloud Services

Source types for the Splunk Add-on for Microsoft Cloud Services

The Splunk Add-on for Microsoft Cloud Services provides the index-time and search-time knowledge for Microsoft Cloud Services data in the following formats:

When selected in the input, XML and JSON fields for the mscs:storage:blob:xml and mscs:storage:blob:json source types are automatically extracted. You can configure the settings for these source types in their respective stanzas in your local props.conf file. The ms:o365:management source type is provided for backward compatibility. A similar source type, o365:management:activity, is in the Splunk Add-on for Microsoft Office 365.

| Data source | Source type | Event type | API | CIM data models | ITSI data models |
|---|---|---|---|---|---|
| Azure Resource virtualMachine | mscs:resource:virtualMachine | mscs_inventory_vm | Azure Virtual Machines REST — List; Azure Virtual Machines REST — Get VM information | n/a | Inventory |
| Azure Resource networkInterfaceCard | mscs:resource:networkInterfaceCard | mscs_inventory_vm | Azure Network REST — List network interface cards | n/a | Inventory |
| Azure Resource publicIPAddress | mscs:resource:publicIPAddress | n/a | Azure Network REST — List public IP addresses | n/a | n/a |
| Resource virtualNetwork | mscs:resource:virtualNetwork | n/a | Azure Network REST — List virtual networks | n/a | n/a |
| Azure Audit log | mscs:azure:audit | n/a | Azure Insights — List events for an Azure subscription | n/a | n/a |
| Azure Storage Table | mscs:storage:table | n/a | Azure SDK for Python | n/a | n/a |
| Azure Storage Blob | mscs:storage:blob | n/a | Azure SDK for Python | n/a | n/a |
| Azure Storage Blob | mscs:storage:blob:json | n/a | Azure SDK for Python — Storage Table query_entities | n/a | n/a |
| Azure Storage Blob | mscs:storage:blob:xml | n/a | Azure SDK for Python — Storage Table query_entities | n/a | n/a |
| Virtual Machine Metrics | mscs:vm:metrics | mscs_perf_vm_cpu | Azure SDK for Python — Storage Table query_entities | n/a | Performance |
| Office 365 | ms:o365:management | mso365_change_endpoint | Office365 management API | Change Analysis | n/a |
| Office 365 | ms:o365:management | mso365_change_account | Office365 management API | Change Analysis | n/a |
| Office 365 | ms:o365:management | mso365_authentication | Office365 management API | Authentication | n/a |

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Comments

The latest version of the add-on does not cover Office 365 anymore. Please remove the incorrect information.

Remnant
April 8, 2019

There is no mscs:storage:blob sourcetype in this app? I'm having an issue where if I manually download a CSV from blob storage using Azure Storage Explorer, I can ingest the file using the default csv sourcetype (INDEXED_TRANSACTIONS), but when I then enable the input for the same container, all I get is CSV headers (using the same sourcetype).

Esky73
January 4, 2019
