Docs » Connect to your cloud service provider » Connect to Azure

Connect to Azure 🔗

Splunk Observability Cloud provides an integration with Microsoft Azure, lets you navigate through Azure entities using navigators, and includes many built-in dashboards to help you monitor Azure services.

What to expect 🔗

In Splunk Observability Cloud, the connection to Azure is also called an integration. To connect Observability Cloud to Azure, create an Azure integration. Following that, you can import metadata from Azure services into Observability Cloud. The metadata enables you to monitor your Azure services using custom tags, as well as dimensions such as region and host name.

For a list of the metrics that Azure provides, see the Splunk Observability Cloud Azure metrics section below.

Azure integration prerequisites 🔗

Successful integration requires the following:

  • Administrator privileges for your organization in Splunk Observability Cloud.

  • Administrator privileges for creating a new Azure Active Directory application. To learn more about these privileges, refer to the Azure documentation for registering a new app.

Preparing for Azure integration 🔗

To set up Microsoft Azure for connection to Splunk Observability Cloud, do the following:

  1. Create an Azure Active Directory application by following these steps:

    1. Open a new tab in your web browser.

    2. Login to your Azure portal.

    3. Navigate to Azure Active Directory and select App registrations. Then click New registration at the top of the page.

    4. Enter the name, indicate access, select Web, enter sign-on URL, and then click Register. Observability Cloud does not use this information, but you need to provide it in order to create an app on Azure.

    5. The Azure portal displays summary information about the application. Save the following information to use when you create your Azure integration in Observability Cloud:

      • Display name

      • Application (client) ID

      • Directory (tenant) ID

      • Object ID

    6. Click Certificates & settings. The Certificate is your public key, and the client secret is your password.

    7. Create a client secret by providing a description and setting the duration to Never expires, then click Save.

    8. The Azure portal displays the client secret. Save this value; you need the client secret to create your Azure integration in Observability Cloud.

  2. Specify subscriptions and set subscription permissions:

    1. In the Azure portal, navigate to All services, click Everything, then click Subscriptions.

    2. Find a subscription you want to monitor, and click on the subscription name.

    3. Navigate to Access control (IAM), click Add, then select Add role assignment.

    4. On the Add role assignment page, perform the following steps:

      1. From the Role drop-down list, select Monitoring Reader.

      2. Leave the Assign access to drop-down list unchanged.

      3. In the Select text box, start entering the name of the Azure application you just created. The Azure portal automatically suggests names as you type. After you enter the application name, click Save.

    Repeat these steps for each subscription you want to monitor.

Connect to Azure 🔗

From Splunk Observability Cloud, connect to Azure by following these steps:

  1. On the Splunk Observability Cloud home page, open the Navigation menu and click Data Setup to display the Connect Your Data page.

  2. Navigate to the Azure Services section and click Microsoft Azure.

  3. Click Microsoft Azure. The Microsoft Azure setup page is displayed.

  4. To start configuring the connection to Azure, click New Integration.

  5. In the text boxes, enter the following information:

    • Name: Unique name for this connection to Azure. The name field helps you create multiple connections to Azure, each with its own name.

    • Directory ID: Azure Directory ID you saved in a previous step.

    • App ID: The Azure app (client) ID you saved in a previous step.

    • Client Secret: The client secret (password) you saved in a previous step.

  6. To select the type of Azure connection you created in the previous steps, click a radio button:

    • For an Azure Government instance, click Azure Government.

    • For all other Azure connections, click Azure.

  7. Select the rate at which the Observability Cloud connection polls Azure for data:

    • For a poll rate of 1 minute, click 1 Min. This is the default.

    • For a poll rate of 5 minutes, click 5 Min.

  8. Click Save. Observability Cloud saves the connection details and attempts to validate the integration.

  9. A Validated! message confirms that the integration was successful.

Splunk Observability Cloud begins receiving metrics from Azure for the subscriptions and services that you specified in the Observability Cloud settings for your Azure connection.

To validate your setup, examine the details of your Azure integration as displayed in the list at the end of the setup page.

Install the Splunk Distribution of OpenTelemetry Collector 🔗

If you installed Azure while going through the Quick Start guide, continue by installing the Splunk Distribution of OpenTelemetry Collector.

The Azure integration provides an Azure mode for the navigator, and includes default dashboards to help you monitor Microsoft Azure services.

You can also connect to Azure and the subscriptions and services running on it by using the Splunk Distribution of OpenTelemetry Collector. OTel Collector offers a higher degree of customization than the Azure integration, and you might prefer it when you want to see metrics at a sub-one minute resolution, or when you need fine-grained control over the filtering of what metrics are sent.

Supported Azure services 🔗

Splunk Observability Cloud syncs with a subset of Azure services. During your Azure setup, if you select All Services when you specify subscriptions, Observability Cloud syncs with the following services:

  • API Management

  • App Service

  • Application Gateway

  • Automation

  • Azure Analysis Services

  • Azure Cosmos DB

  • Azure DDoS Protection

  • Azure DNS

  • Azure Data Explorer

  • Azure Database for MySQL

  • Azure Database for PostgreSQL

  • Azure Firewall

  • Azure Front Door

  • Azure Kubernetes Service

  • Azure Location Based Services

  • Azure Machine Learning

  • Azure Maps

  • Batch

  • Cognitive Services

  • Container Instances

  • Container Registry

  • Content Delivery Network (CDN)

  • Customer Insights

  • Data Factory

  • Data Lake Analytics

  • Data Lake Store

  • Event Grid (Event Subscriptions)

  • Event Grid (Extension Topics)

  • Event Grid (System Topics)

  • Event Grid (Topics)

  • Event Grid (domains)

  • Event Hubs

  • ExpressRoute

  • HDInsight

  • Key Vault

  • Load Balancer

  • Logic apps

  • Network Interfaces

  • Notification Hubs

  • Power BI

  • Redis Cache

  • Relays

  • SQL Database

  • SQL Elastic Pools

  • SQL Servers

  • Search Services

  • Service Bus

  • Storage

  • Stream Analytics

  • Traffic Manager

  • VPN Gateway

  • Virtual Machine Scale Sets

  • Virtual Machines

  • Virtual Machines (Classic)

Splunk Observability Cloud Azure metrics 🔗

Splunk Observability Cloud receives the following metrics from Azure

Azure App Service metrics 🔗

Azure Batch metrics 🔗

Azure Event Hubs metrics 🔗

Azure Functions metrics 🔗

Azure Kubernetes service metrics 🔗

Azure Logic App metrics 🔗

Azure Redis metrics 🔗

Azure SQL Databases metrics 🔗

Azure SQL elastic pools metrics 🔗

Azure Storage metrics 🔗

Azure Virtual Machine metrics 🔗

Azure Virtual Machine Scale Sets metrics 🔗

Organization metrics 🔗

Observability Cloud organization metrics monitor data related to your Azure integration, such as the number of metric time series (MTS) your integration has created. The names of these metrics all start with the string sf.org.num.azure. To learn more about these metrics, see Usage metrics for Splunk Observability Cloud.