Splunk® Data Stream Processor

Connect to Data Sources and Destinations with DSP

On October 30, 2022, all 1.2.x versions of the Splunk Data Stream Processor will reach their end of support date. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see the Upgrade the Splunk Data Stream Processor topic.
This documentation does not apply to the most recent version of Splunk® Data Stream Processor. For documentation on the most recent version, go to the latest release.

Create a DSP connection to Microsoft Azure Monitor

To get metrics data from Microsoft Azure Monitor into a data pipeline in Splunk Data Stream Processor (DSP), you must first create a connection using the Microsoft Azure Monitor connector. In the connection settings, provide the credentials of your Microsoft Azure Active Directory (AD) integration application so that DSP can access your data, and schedule a data collection job to specify how frequently DSP retrieves the data. You can then use the connection in the Microsoft Azure Monitor source function to get data from Azure Monitor into a DSP pipeline.

Prerequisites

Before you can create the Azure Monitor connection, you must have an integration application that registers the connector in Microsoft Azure Active Directory (AD), and has the necessary permissions assigned to it. Depending on whether you are collecting metrics for a management group or a subscription, the application requires different permissions:

  • If you are collecting metrics for a management group, make sure that your application has the following permissions:
    • Management Group Reader role for the management group.
    • Reader role for all subscriptions under that management group.
  • If you are collecting metrics for a subscription, make sure that your application has the Reader role for that subscription.

You must also have the following credentials from the integration application:

  • Tenant ID, which is also known as a directory ID.
  • Client ID, which is also known as an application ID.
  • Client secret, which is also known as a key.

If you don't have this integration application or the credentials, ask your Azure AD administrator for assistance. For information about creating integration applications, search for "How to: Use the portal to create an Azure AD application and service principal that can access resources" in the Microsoft Azure documentation.
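
An added example, not part of the Splunk documentation: a Python check that compares the integration application's direct role assignments with the roles listed above and reports anything missing or in excess. It assumes the input has the JSON shape printed by `az role assignment list --assignee <client-id> --all`; the IDs, the group name and the Contributor entry in the sample are constructed.

```python
import json

# Constructed sample in the shape of `az role assignment list` JSON output.
# The IDs, the group name and the Contributor entry are made up.
SAMPLE_ASSIGNMENTS = json.loads("""
[
  {"roleDefinitionName": "Management Group Reader",
   "scope": "/providers/Microsoft.Management/managementGroups/example-mg"},
  {"roleDefinitionName": "Reader",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000001"},
  {"roleDefinitionName": "Contributor",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000002"}
]
""")

MG_PREFIX = "/providers/Microsoft.Management/managementGroups/"


def required_roles(subscription_ids, management_group=None):
    """Build the (role, scope) pairs that the prerequisites call for."""
    required = {("Reader", f"/subscriptions/{sub}".lower())
                for sub in subscription_ids}
    if management_group:
        scope = (MG_PREFIX + management_group).lower()
        required.add(("Management Group Reader", scope))
    return required


def audit_assignments(assignments, subscription_ids, management_group=None):
    """Compare direct role assignments with the documented requirement.

    Returns sorted lists of missing pairs (the connector would lack access)
    and excess pairs (access beyond what the connector needs). Inherited
    assignments are not resolved; only the entries passed in are compared.
    """
    required = required_roles(subscription_ids, management_group)
    # Azure scope strings are case-insensitive, so compare them lowercased.
    granted = {(a["roleDefinitionName"], a["scope"].lower())
               for a in assignments}
    return {"missing": sorted(required - granted),
            "excess": sorted(granted - required)}


if __name__ == "__main__":
    subs = ["00000000-0000-0000-0000-000000000001",
            "00000000-0000-0000-0000-000000000002"]
    report = audit_assignments(SAMPLE_ASSIGNMENTS, subs, "example-mg")
    for kind, pairs in report.items():
        for role, scope in pairs:
            print(f"{kind}: {role} on {scope}")
```
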

Steps

  1. From the Data Stream Processor home page, click Data Management and then select the Connections tab.
  2. Click Create New Connection.
  3. Select Microsoft Azure Monitor and then click Next.
  4. Complete the following fields:
    | Field | Description |
    | --- | --- |
    | Connection Name | A unique name for your connection. |
    | Azure Tenant ID | The tenant ID from Azure AD. |
    | Azure Client ID | The client ID from your integration application in Azure AD. |
    | Azure Client Secret | The client secret from your integration application in Azure AD. |
    | Subscription | The Azure subscription that you want to collect metrics for. |
    | Management Group | The Azure management group that you want to collect metrics for. If you also typed a subscription name in the Subscription field, the connector collects metrics for the subscription instead of the management group. |
    | Locations | (Optional) If you don't want to collect metrics for all Azure locations, type a list of the specific locations that you want to collect metrics for. You must type each location name in lowercase and without spaces. For example, "East US 2" is eastus2. Search for "Azure locations" in the Microsoft Azure documentation for a complete list of supported locations. |
    | Resource Groups | (Optional) If you don't want to collect metrics for all Azure resource groups, type a list of the specific resource groups that you want to collect metrics for. |
    | Metrics | (Optional) A list of resource types. Enter each resource type using the format <resource_provider>/<type>. Search for "Supported metrics with Azure Monitor" in the Microsoft Azure documentation for a list of supported metrics. |
    | Aggregations | (Optional) If you don't want to retrieve all the aggregations that are supported for your metrics, type a list of the aggregations that you want to retrieve. Valid Azure aggregations are Average, Count, Maximum, Minimum, and Total. |
    | Delay | (Optional) If you need to compensate for latency in the availability of Azure Monitor Metrics data points, type the number of minutes to delay the metrics data collection. |
    | Scheduled | This parameter is on by default, indicating that jobs run automatically. Toggle this parameter off to stop the scheduled job from automatically running. Jobs that are currently running are not affected. |
    | Schedule | The time-based job schedule that determines when the connector executes jobs for collecting data. Select a predefined value or write a custom CRON schedule. All CRON schedules are based on UTC. |
    | Workers | The number of workers you want to use to collect data. |

    Any credentials that you upload are transmitted securely by HTTPS, encrypted, and securely stored in a secrets manager.

  5. Click Save.

    If you're editing a connection that's being used by an active pipeline, you must reactivate that pipeline after making your changes.
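
An added example, not Splunk code: a Python pre-check that applies the field rules from step 4 to a set of values before you type them into the form. The dictionary keys, the resource-type pattern, and the rule that one of Subscription or Management Group must be set are assumptions made for this example.

```python
import re

VALID_AGGREGATIONS = {"Average", "Count", "Maximum", "Minimum", "Total"}
# Assumed pattern for <resource_provider>/<type>, e.g. Microsoft.Compute/virtualMachines
RESOURCE_TYPE = re.compile(r"^[A-Za-z0-9.]+(/[A-Za-z0-9]+)+$")


def check_connection_settings(settings):
    """Normalize connection values and collect problems before saving.

    Keys are hypothetical names for the form fields. Returns (normalized, problems).
    """
    out, problems = dict(settings), []
    # Subscription takes precedence over Management Group when both are set.
    if settings.get("subscription"):
        out["scope"] = ("subscription", settings["subscription"])
        if settings.get("management_group"):
            problems.append("management_group is ignored: subscription is set")
    elif settings.get("management_group"):
        out["scope"] = ("management_group", settings["management_group"])
    else:  # assumption: a collection scope is needed
        problems.append("set subscription or management_group")
    # Locations must be lowercase without spaces: "East US 2" -> "eastus2".
    out["locations"] = [re.sub(r"\s+", "", loc).lower()
                        for loc in settings.get("locations", [])]
    for rtype in settings.get("metrics", []):
        if not RESOURCE_TYPE.match(rtype):
            problems.append(f"metrics: {rtype!r} is not <resource_provider>/<type>")
    # Match aggregation names case-insensitively, then emit the valid spelling.
    by_lower = {a.lower(): a for a in VALID_AGGREGATIONS}
    out["aggregations"] = []
    for agg in settings.get("aggregations", []):
        canonical = by_lower.get(agg.lower())
        if canonical:
            out["aggregations"].append(canonical)
        else:
            problems.append(f"aggregations: {agg!r} is not valid")
    delay = settings.get("delay", 0)
    if not isinstance(delay, int) or delay < 0:
        problems.append("delay must be a whole number of minutes, 0 or more")
    return out, problems


if __name__ == "__main__":
    # Constructed sample values.
    sample = {"subscription": "example-sub", "locations": ["East US 2"],
              "metrics": ["Microsoft.Compute/virtualMachines"],
              "aggregations": ["average", "Median"], "delay": 5}
    print(check_connection_settings(sample))
```
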

You can now use your connection in a Microsoft Azure Monitor source function at the start of your data pipeline to get metrics data from Microsoft Azure Monitor. For instructions on how to build a data pipeline, see the Building a pipeline chapter in the Use the manual. For information about the source function, see Get data from Microsoft Azure Monitor in the Function Reference manual.

Last modified on 05 March, 2021

This documentation applies to the following versions of Splunk® Data Stream Processor: 1.2.0, 1.2.1-patch02

