Docs » Connect to your cloud service provider » Connect to Azure and send data to Splunk Observability Cloud

Connect to Azure and send data to Splunk Observability Cloud 🔗

Splunk Observability Cloud provides an integration with Microsoft Azure, lets you travel through Azure entities, and includes built-in dashboards to help you monitor Azure services.

See the list of available Azure services.

After you connect your Azure account to Splunk Observability Cloud, you can do the following:

  • Import Azure metrics, traces, and metadata.

  • Send logs to the Log Observer.

  • Use Splunk Observability Cloud tools to monitor your Azure services, such as navigators and dashboards.

  • Filter Azure monitoring results using tags or dimensions such as region and host name. When tagging, Splunk Observability Cloud only allows alphanumeric characters, and the underscore and minus symbols. Unsupported characters include ., :, /, =, +, @, and spaces, which are replaced by the underscore character.

Azure integration prerequisites

Successful integration requires administrator privileges for the following:

  • Your organization in Splunk Observability Cloud.

  • Creating a new Microsoft Entra ID (formerly Azure Active Directory) application.

To learn more about these privileges, see the Azure documentation for registering a new app.


Splunk Observability Cloud supports all Azure regular regions, and Azure Government.

Prepare Azure for the integration

To prepare Microsoft Azure to connect with Splunk Observability Cloud:

  1. Create a Microsoft Entra ID (formerly Azure Active Directory) application.

  2. Specify subscriptions and set subscription permissions.

You also have the option of connecting to Azure through the Splunk Observability Cloud API. For details, see Integrate Microsoft Azure Monitoring with Splunk Observability Cloud in the Splunk developer documentation.

Create a Microsoft Entra ID (formerly Azure Active Directory) application

Follow these steps to create a new Microsoft Entra ID application:

  1. In your Azure portal, navigate to Microsoft Entra ID, and register your new app. Splunk Observability Cloud does not use this information, but you need to provide it in order to create an app on Azure.

  2. The Azure portal displays a summary about the application. Save the following information to use when you create your Azure integration in Splunk Observability Cloud:
    • Display name

    • Application (client) ID

    • Directory (tenant) ID

    • Object ID

  3. Select Certificates & secrets. The Certificate is your public key, and the client secret is your password.

  4. Create a client secret by providing a description and setting the duration to the longest possible interval, and Save. Remember the client secret, you’ll need it to create your Azure integration in Splunk Observability Cloud.

Repeat these steps for each subscription you want to monitor.

Specify subscriptions and set subscription permissions

Set your subscription permissions:

  1. In the Azure portal, look for your Subscriptions.

  2. Find a subscription you want to monitor, and select the subscription name.

  3. Navigate to Access control (IAM), select Add, then select Add role assignment.

  4. On the Add role assignment page, perform the following steps:
    • From the Role drop-down list, select Monitoring Reader.

    • Leave the Assign access to drop-down list unchanged.

    • Go to Select member.

    • In the Select text box, start entering the name of the Azure application you just created. The Azure portal automatically suggests names as you type. Enter the application name, and Save.

Repeat these steps for each subscription you want to monitor.

Connect to Azure with the guided setup

From Splunk Observability Cloud, connect to Azure by following these steps:

  1. Open the Microsoft Azure guided setup . Optionally, you can navigate to the guided setup on your own:

  1. In the navigation menu, select Data Management, and select Add Integration to open the Integrate Your Data page.

  2. In the integration filter menu, go to By Use Case, and select the Monitor Infrastructure use case.

  3. Select the Microsoft Azure tile to open the Microsoft Azure guided setup.

  4. To start configuring the connection to Azure, select New Integration.

  1. In the text boxes for Splunk Infrastructure Monitoring setup, enter the following information:
    • Name: Unique name for this connection to Azure. The name field helps you create multiple connections to Azure, each with its own name.

    • Directory ID: Azure Directory ID you saved in a previous step.

    • App ID: The Azure app (client) ID you saved in a previous step.

    • Client Secret: The client secret (password) you saved in a previous step.

  2. Select the type of Azure connection you created in the previous steps:
    • Azure Government for an Azure Government instance.

    • Azure for all other Azure connections.

  3. Select the rate at which you want Splunk Observability Cloud to poll Azure for metric data, with 1 minute (default) as the minimum unit, and 10 minutes as the maximum unit. For example, a value of 300 polls metrics once every 5 minutes. Poll rate is expressed in seconds.

  4. Optional: Use the Add Tag button to create a tag if you want to monitor only tagged data sources, filling out the tag name and tag value fields separately to create a tag pair.

  5. Save. Splunk Observability Cloud saves the connection details and attempts to validate the integration. A Validated! message confirms that the integration was successful.

Splunk Observability Cloud begins receiving metrics from Azure for the subscriptions and services that you specified in the Splunk Observability Cloud settings for your Azure connection.


Splunk is not responsible for data availability, and it can take up to several minutes (or longer, depending on your configuration) from the time you connect until you start seeing valid data from your account.

Alternatives to connect to Azure

Connect to Azure using the Splunk Observability Cloud API

You can use the Splunk API to integrate Azure with Splunk Observability Cloud.

For instructions on how to connect to Azure through the API, see Integrate Microsoft Azure monitoring with Splunk Observability Cloud in the Splunk developer documentation.


Azure tag filtering configured through the UI applies an OR operator to the name:value pairs that you specify in separate fields. Values for tag name and tag value are what you anticipate for monitored data sources. To apply more complex rules not governed exclusively by the OR operator, connect to Azure through the Splunk Observability Cloud API and modify the contents of the resourceFilterRules field there.

Connect to Azure using Terraform

To connect using Terraform, see Connect your cloud services using Splunk Terraform.

Install the Splunk Distribution of OpenTelemetry Collector

To take advantage of the full benefits of the Splunk Observability Cloud platform, install the OpenTelemetry Collector.

To track the degree of OpenTelemetry enablement in your Azure integrations:

  1. From Splunk Observability Cloud, go to Data Management > Azure.

  2. Select OpenTelemetry Enabled to see whether the OTel Collector is installed on each Azure instance. This helps you identify the instances that still need to be instrumented. For instances that are successfully instrumented, you can see which version of the OTel Collector is deployed.

Amount of Azure entities with the Collector installed.

Next steps

To validate your setup, examine the details of your Azure integration as displayed in the list at the end of the setup page.