Docs » Connect to your cloud service provider » Connect to Azure and send data to Splunk Observability Cloud

Connect to Azure and send data to Splunk Observability Cloud 🔗

Splunk Observability Cloud provides an integration with Microsoft Azure, lets you travel through Azure entities, and includes built-in dashboards to help you monitor Azure services.

For a list of supported Azure services, see Available Azure integrations.

Note

Splunk Observability Cloud supports all Azure regular regions, and Azure Government.

After you connect your Azure account to Splunk Observability Cloud, you can do the following:

  • Import Azure metrics, traces, and metadata.

  • Use Splunk Observability Cloud tools to monitor your Azure services, such as navigators and dashboards.

  • Filter Azure monitoring results using tags or dimensions such as region and host name. When tagging, Splunk Observability Cloud only allows alphanumeric characters, and the underscore and minus symbols. Unsupported characters include ., :, /, =, +, @, and spaces, which are replaced by the underscore character.

  • To retrieve logs, see Send Azure logs to Splunk Platform.

Azure integration prerequisites

Successful integration requires administrator privileges for the following:

  • Your organization in Splunk Observability Cloud.

  • Creating a new Microsoft Entra ID (formerly Azure Active Directory) application.

To learn more about these privileges, see the Azure documentation for registering a new app.

Prepare Azure for the integration

To prepare Microsoft Azure to connect with Splunk Observability Cloud:

  1. Create a Microsoft Entra ID (formerly Azure Active Directory) application.

  2. Specify subscriptions and set subscription permissions.

Note

You need to prepare your Microsoft Account in the Azure console. The following sections summarize the steps you need to follow. For more details, refer to the official Azure documentation.

Create a Microsoft Entra ID (formerly Azure Active Directory) application

Follow these steps to create a new Microsoft Entra ID application:

  1. In your Azure portal, navigate to Microsoft Entra ID, and register your new app. Splunk Observability Cloud does not use this information, but you need to provide it in order to create an app on Azure.

  2. The Azure portal displays a summary about the application. Save the following information to use when you create your Azure integration in Splunk Observability Cloud:
    • Directory (tenant) ID

    • Application (client) ID

  3. Select Certificates & secrets. The Certificate is your public key, and the client secret is your password.

  4. Create a client secret by providing a description and setting the duration to the longest possible interval, and Save. Remember the client secret, you’ll need it to create your Azure integration in Splunk Observability Cloud.

Specify subscriptions and set subscription permissions

Set your subscription permissions:

  1. In the Azure portal, look for your Subscriptions.

  2. Find a subscription you want to monitor, and navigate to Access control (IAM).

  3. Select Add, then select Add role assignment.

  4. On the Add role assignment page, perform the following steps:
    • From the Role drop-down list, select the Monitoring Reader role.

    • Leave the Assign access to drop-down list unchanged.

    • Go to Select member. In the Select text box, start entering the name of the Azure application you just created. The Azure portal automatically suggests names as you type. Enter the application name, and Save.

Repeat these steps for each subscription you want to monitor.

Connect to Azure with the guided setup

From Splunk Observability Cloud, connect to Azure using the Microsoft Azure guided setup .

Optionally, you can navigate to the guided setup on your own:

  1. In the navigation menu, select Data Management > Add Integration to open the Integrate Your Data page.

  2. In the integration filter menu, go to By Use Case, and select the Monitor Infrastructure use case.

  3. Select the Microsoft Azure tile to open the Microsoft Azure guided setup.

  4. To start configuring the connection to Azure, select New Integration.

To create the integration, enter the following information:

  • Name: Unique name for this connection to Azure. The name field helps you create multiple connections to Azure, each with its own name.

  • Directory ID: Azure Directory ID you saved in a previous step.

  • App ID: The Azure app (client) ID you saved in a previous step.

  • Client Secret: The client secret (password) you saved in a previous step.

  • Select your Azure environment:

    • Azure Government for an Azure Government instance.

    • Azure for all other Azure connections.

  • Select the services you want to monitor. By default, all services supported by Splunk Observability Cloud are selected. Use the pop-up menu to narrow down to specific services. For a list of supported Azure services, see Available Azure integrations.

  • Select the subscriptions you want to monitor.

  • Optional: Use the Add Tag button to create a tag if you want to monitor only tagged data sources, filling out the tag name and tag value fields separately to create a tag pair.

  • Add any additional Azure resources or services you want to monitor that are not fully supported by Splunk Observability Cloud. If you add the same resource type to both services and additional services, Splunk Observability Cloud ignores the duplication.

    • Any resource type you specify as an additional service must meet the following criteria:

      • The resource is an Azure generic resource. For resource types that have hierarchical structure, only the root resource type is a generic resource. For example, a Storage Account type can have a File Service type, and a File Service type can have a File Storage type. In this case, only Storage Account is a generic resource.

      • The resource stores its metrics in Azure Monitor. To learn more about Azure Monitor, refer to the Microsoft Azure documentation.

  • Select the rate, in seconds, at which you want Splunk Observability Cloud to poll Azure for metric data, with 60 seconds (default) as the minimum unit, and 600 seconds (10 minutes) as the maximum unit.

    • Select if you want to import metrics and/or metadata.

Note

Splunk is not responsible for data availability, and it can take up to several minutes (or longer, depending on your configuration) from the time you connect until you start seeing valid data from your account.

Alternatives to connect to Azure

Connect to Azure using the Splunk Observability Cloud API

You can use the Splunk API to integrate Azure with Splunk Observability Cloud.

For instructions on how to connect to Azure through the API, see Integrate Microsoft Azure monitoring with Splunk Observability Cloud in the Splunk developer documentation.

Note

Azure tag filtering configured through the UI applies an OR operator to the name:value pairs that you specify in separate fields. Values for tag name and tag value are what you anticipate for monitored data sources. To apply more complex rules not governed exclusively by the OR operator, connect to Azure through the Splunk Observability Cloud API and modify the contents of the resourceFilterRules field there.

Connect to Azure using Terraform

To connect using Terraform, see Connect your cloud services using Splunk Terraform.

Install the Splunk Distribution of OpenTelemetry Collector

To take advantage of the full benefits of the Splunk Observability Cloud platform, install the Splunk Distribution of the OpenTelemetry Collector. See more at Get started with the Splunk Distribution of the OpenTelemetry Collector.

Track your OpenTelemetry enablement

To track the degree of OpenTelemetry enablement in your Azure integrations:

  1. From Splunk Observability Cloud, go to Data Management > Azure.

  2. Select OpenTelemetry Enabled to see whether the OTel Collector is installed on each Azure VMs or AKS cluster. This helps you identify the instances that still need to be instrumented.

Amount of Azure entities with the Collector installed.
  1. For OTel Collector instances that are successfully instrumented, you can see which version of the Collector is deployed.

Next steps

To validate your setup, examine the details of your Azure integration as displayed in the list at the end of the setup page.