Splunk Addon for Microsoft Azure

Enterprise Applications deployed in Azure typically log data into Azure diagnostic storage tables. This App enables connecting to and retrieving data from Azure diagnostic storage into Splunk for analysis and reporting purposes.

About the Splunk Add-on for Microsoft Windows Azure

The Splunk Add-on for Microsoft Windows Azure (hereafter known as the
Splunk Add-on for Azure) allows you to get insight on the operation of
your Microsoft Windows Azure installation.

How does it work?

The Splunk Add-on for Azure collects data on four Windows Azure diagnostic
event types:

  • WADLogs
  • WADEventLogs
  • WADPerformanceCounter
  • WADDiagnosticInfrastructure

New to Splunk?

If this is the first time you have used Splunk, then follow the
link to the Splunk documentation topic below. It introduces the
most important Splunk concepts you need to understand when installing
and using Splunk apps.

The key points to come away with are:

  • All Splunk apps run on the Splunk platform.
  • Understanding how Splunk works will greatly help you understand how
    Splunk apps work.
  • Installing and configuring the app is only part of the experience -
    you might need to prepare Splunk before installing your app.
  • Careful planning helps achieve a successful app deployment experience.

Read more at http://docs.splunk.com/Documentation/WindowsApp/latest/User/NewtoSplunk

How this add-on fits into the Splunk picture

The Splunk Add-on for Azure is one of a variety of apps and add-ons
available within the Splunk ecosystem. All Splunk apps and add-ons
run on top of a core Splunk installation. You need to install Splunk
first, and then install the components of the Splunk Add-on
for Azure.

For specifics about what you'll install where, read "What a Splunk
Add-on for Azure deployment looks like" later in this README.

For details about apps and add-ons, refer to "What are apps and
add-ons?" in the core Splunk product documentation.

To download Splunk, visit the download page on splunk.com.

To get more apps and add-ons, visit Splunk Apps (http://apps.splunk.com).

How to find more information about Splunk

If you have questions about the Splunk App for Azure, send an email
to microsoft@splunk.com.

If your Splunk deployment is large or complex, you might want to
engage a member of Splunk's Professional Services team to assist
you. (http://www.splunk.com/view/professional-services/SP-CAAABH9)

Find more information about Splunk

You've got a variety of options for finding more information about Splunk:

Before you deploy

Read the following sections on the requirements for deploying the
Splunk Add-on for Azure.

Platform and hardware requirements

A Splunk Add-on for Azure installation requires the following components:

What versions of Splunk does the add-on support?

All full Splunk instances require version 6.0.1 or later.

All Splunk universal forwarders require version 6.0.1 or later.

What a Splunk Add-on for Azure installation looks like

The Splunk App for Azure installs onto a full Splunk instance or a
universal forwarder that runs on Windows. The app connects to Windows
Azure using HTTP Representational State Transfer (REST) calls, based
on Azure storage name and key credentials you provide.

If you install the Splunk App for Azure onto a forwarder, that
forwarder sends Azure diagnostic data to the indexer you specify
when you set up the forwarder.

How to deploy the Splunk App for Azure

You can install the Splunk Add-on for Azure on a full instance of
Splunk or a universal forwarder. To install the add-on, follow these

Install the Splunk Add-on for Azure onto Splunk version 6.0 and later

If your Splunk Add-on for Azure instance runs Splunk version 6.0, use
these instructions to install the app.

  1. On a Windows system, install the .NET Framework version 4.5.

Note: You might need to restart your system after installing this software.

  2. Next, download the NuGet command-line utility (http://nuget.org/nuget.exe)
    from NuGet Gallery and save it to an accessible location.

  3. Install full Splunk or a universal forwarder onto the system.

Important: If you are installing a universal forwarder, you must
configure a receiving indexer or a deployment server for the forwarder
to retrieve configurations. Read "Deploy a Windows universal forwarder
via the installer GUI" in the core Splunk documentation for additional
forwarder configuration

  4. Download the Splunk App for Azure installation package from
    Splunk Apps and save it to an accessible location.

  5. Unpack the contents of the Splunk App for Azure as follows:

    a. Unpack the SplunkAzure.tar file into %SPLUNK_HOME%\etc\apps.

Note: On a full instance of Splunk, you can also install the Splunk
App for Azure by uploading the tar file with Splunk Web.

  6. From a command prompt, change to the directory where you downloaded
    the NuGet utility above and run the following commands to download
    and install the Windows Azure Storage Client DLL:

    a. nuget.exe Install WindowsAzure.storage -Version

    b. copy C:\WindowsAzure.Storage.\lib\net35-full\Microsoft.WindowsAzure.StorageClient.dll %SPLUNK_HOME%\etc\apps\SplunkAzure\bin

    Note: Exact directory paths for the DLL might vary; you can
    use Explorer to find the DLL and move it to your Splunk App
    for Azure binary directory.

  7. Restart Splunk for the changes to take effect.

Configure the Splunk Add-on for Azure on a forwarder

  1. Using a text editor, open %SPLUNK_HOME%\etc\apps\SplunkAzure\local\inputs.conf for editing.

Note: The inputs.conf that comes with the Splunk App for Azure
includes sample stanzas which you can modify for your specific Azure
configuration. The key attributes you must provide details for are:

storageAccountKey = Your Windows Azure storage account key
storageAccountName = Your Windows Azure storage account name
type: The type of Windows Azure diagnostic you want to collect data on.
It can be one of:

  • WADPerformanceCountersTable
  • WADDiagnosticInfrastructureLogsTable
  • WADLogsTable
  • WADWindowsEventLogsTable

You might need to create inputs.conf in %SPLUNK_HOME%\etc\apps\SplunkAzure\local if it does not exist there.

  2. Add any desired other attributes to the file as needed.

Note: For information about available attributes for inputs.conf,
read the inputs.conf spec file page

  3. Save the file.

  4. Restart Splunk for the changes to take effect.
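
The attribute requirements above can be checked before Splunk is restarted. The following Python check is an added example, not part of the add-on or its original README: it validates every Azure stanza in an inputs.conf and reports problems without echoing the storage account key. The `azure://` stanza names and all sample values are constructed; the account-name pattern and the 64-byte key length are assumptions taken from Azure's storage account rules, not from this page.

```python
import base64
import binascii
import configparser
import re

# The four table names the README lists as valid values for "type".
ALLOWED_TYPES = {
    "WADPerformanceCountersTable",
    "WADDiagnosticInfrastructureLogsTable",
    "WADLogsTable",
    "WADWindowsEventLogsTable",
}
# Assumption (Azure rule, not from this page): 3-24 lowercase letters/digits.
ACCOUNT_NAME_RE = re.compile(r"[a-z0-9]{3,24}")

# Constructed sample: hypothetical stanza names, dummy all-zero key.
SAMPLE = """
[azure://perf]
storageAccountName = examplestorage01
storageAccountKey = {key}
type = WADPerformanceCountersTable

[azure://logs]
storageAccountName = Example_Storage
storageAccountKey = Your Windows Azure storage account key
type = WADLogs
""".format(key=base64.b64encode(bytes(64)).decode())

def check_inputs(conf_text):
    """Return (stanza, problem) tuples; the key itself is never echoed."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep attribute names case-sensitive
    parser.read_string(conf_text)
    problems = []
    for stanza in parser.sections():
        attrs = parser[stanza]
        if "storageAccountName" not in attrs and "storageAccountKey" not in attrs:
            continue  # not an Azure diagnostics input
        if not ACCOUNT_NAME_RE.fullmatch(attrs.get("storageAccountName", "")):
            problems.append((stanza, "storageAccountName missing or malformed"))
        if attrs.get("type", "") not in ALLOWED_TYPES:
            problems.append((stanza, "type is not one of the four tables"))
        try:
            key = base64.b64decode(attrs.get("storageAccountKey", ""), validate=True)
        except (binascii.Error, ValueError):
            key = b""
        if len(key) != 64:  # assumption: account keys are 64 bytes, base64-encoded
            problems.append((stanza, "storageAccountKey missing or not a valid key"))
    return problems
```

Calling `check_inputs(SAMPLE)` returns three problems, all for the second stanza, which still carries the placeholder key text and a `type` value that is not one of the four table names.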

The Splunk universal forwarder will send Azure diagnostic data that
it collects to the indexer you specified when you set up the

Version 1.0.2

Community Supported

Built by Sharad Kylasam