Splunk® Supported Add-ons

Splunk Add-on for Microsoft Cloud Services

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Source types for the Splunk Add-on for Microsoft Cloud Services

The Splunk Add-on for Microsoft Cloud Services provides the index-time and search-time knowledge for Microsoft Cloud Services data in the following formats:

When selected in the input, XML and JSON fields for the mscs:storage:blob:xml and mscs:storage:blob:json sourcetypes are automatically extracted. You can configure the settings for these sourcetypes in their respective stanzas in your local props.conf file. Also, the ms:o365:management source type is for backward compatibility. A similar source type, o365:management:activity, is in the Splunk Add-on for Microsoft Office 365.

Data source Source type Event type API CIM data models ITSI data models
Azure Event Hubs mscs:azure:eventhub n/a Microsoft Azure Event Hubs Client Library for Python Alerts n/a
mscs:azure:security:alert n/a Microsoft Azure Event Hubs Client Library for Python Alerts n/a
mscs:azure:security:recommendation n/a Microsoft Azure Event Hubs Client Library for Python Alerts n/a
Azure Resource virtualMachine mscs:resource:virtualMachine mscs_inventory_vm Azure Virtual Machines REST — List
Azure Virtual Machines REST — Get VM information 		n/a Inventory
Azure Resource network
InterfaceCard 		mscs:resource:networkInterfaceCard mscs_inventory_vm Azure Network REST — List network interface cards n/a Inventory
Azure Resource public
IPAddress 		mscs:resource:publicIPAddress n/a Azure Network REST — List public IP addresses n/a n/a
Resource virtualNetwork mscs:resource:virtualNetwork n/a Azure Network REST — List virtual networks n/a n/a
Azure Audit log mscs:azure:audit n/a Azure Insights — List events for an Azure subscription Alerts, Change n/a
Azure Storage Table mscs:storage:table n/a Azure SDK for Python n/a n/a
Azure Storage Blob mscs:storage:blob n/a Azure SDK for Python n/a n/a
mscs:storage:blob:json n/a Azure SDK for Python — Storage Table query_
entities 		n/a n/a
mscs:storage:blob:xml n/a Azure SDK for Python — Storage Table query_
entities 		n/a n/a
Virtual Machine Metrics mscs:vm:metrics mscs_perf_vm_cpu Azure SDK for Python — Storage Table query_
entities 		n/a Performance
Last modified on 01 December, 2021
PREVIOUS
Splunk Add-on for Microsoft Cloud Services 		  NEXT
Release notes for the Splunk Add-on for Microsoft Cloud Services

This documentation applies to the following versions of Splunk® Supported Add-ons: released

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters