Splunk® Supported Add-ons

Splunk Add-on for Microsoft Cloud Services

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Source types for the Splunk Add-on for Microsoft Cloud Services

The Splunk Add-on for Microsoft Cloud Services provides the index-time and search-time knowledge for Microsoft Cloud Services data in the following formats:

When selected in the input, XML and JSON fields for the mscs:storage:blob:xml and mscs:storage:blob:json sourcetypes are automatically extracted. You can configure the settings for these sourcetypes in their respective stanzas in your local props.conf file. Also, the ms:o365:management source type is for backward compatibility. A similar source type, o365:management:activity, is in the Splunk Add-on for Microsoft 0ffice 365.

Data source Source type Event type API CIM data models ITSI data models
Azure Resource virtualMachine mscs:resource:virtualMachine mscs_inventory_vm Azure Virtual Machines REST — List
Azure Virtual Machines REST — Get VM information 		n/a Inventory
Azure Resource network
InterfaceCard		 mscs:resource:networkInterfaceCard mscs_inventory_vm Azure Network REST — List network interface cards n/a Inventory
Azure Resource public
IPAddress		 mscs:resource:publicIPAddress n/a Azure Network REST — List public IP addresses n/a n/a
Resource virtualNetwork mscs:resource:virtualNetwork n/a Azure Network REST — List virtual networks n/a n/a
Azure Audit log mscs:azure:audit n/a Azure Insights — List events for an Azure subscription n/a n/a
Azure Storage Table mscs:storage:table n/a Azure SDK for Python n/a n/a
Azure Storage Blob mscs:storage:blob n/a Azure SDK for Python n/a n/a
mscs:storage:blob:json n/a Azure SDK for Python — Storage Table query_
entities		 n/a n/a
mscs:storage:blob:xml n/a Azure SDK for Python — Storage Table query_
entities		 n/a n/a
Virtual Machine Metrics mscs:vm:metrics mscs_perf_vm_cpu Azure SDK for Python — Storage Table query_
entities		 n/a Performance
Office 365 ms:o365:management mso365_change_endpoint Office365 management API Change Analysis n/a
ms:o365:management mso365_change_account Office365 management API Change Analysis n/a
ms:o365:management mso365_authentication Office365 management API Authentication n/a
Last modified on 14 May, 2021
PREVIOUS
Splunk Add-on for Microsoft Cloud Services 		  NEXT
Release notes for the Splunk Add-on for Microsoft Cloud Services

This documentation applies to the following versions of Splunk® Supported Add-ons: released

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters