Enterprise Applications deployed in Azure typically log data into Azure diagnostic storage tables. This App enables connecting to and retrieving data from Azure diagnostic storage into Splunk for analysis and reporting purposes.
SPLUNK ADD-ON FOR MICROSOFT WINDOWS AZURE
About the Splunk Add-on for Microsoft Windows Azure
The Splunk Add-on for Microsoft Windows Azure (hereafter known as the
Splunk Add-on for Azure) gives you insight into the operation of
your Microsoft Windows Azure installation.
How does it work?
The Splunk Add-on for Azure collects data on four Windows Azure diagnostic
New to Splunk?
If this is the first time you have used Splunk, then follow the
link to the Splunk documentation topic below. It introduces the
most important Splunk concepts you need to understand when installing
and using Splunk apps.
The key points to come away with are:
- All Splunk apps run on the Splunk platform.
- Understanding how Splunk works will greatly help you understand how
Splunk apps work.
- Installing and configuring the app is only part of the experience -
you might need to prepare Splunk before installing your app.
- Careful planning helps achieve a successful app deployment experience.
How this add-on fits into the Splunk picture
The Splunk Add-on for Azure is one of a variety of apps and add-ons
available within the Splunk ecosystem. All Splunk apps and add-ons
run on top of a core Splunk installation. You need to install Splunk
first, and then install the components of the Splunk Add-on
For specifics about what you'll install where, read "What a Splunk
Add-on for Azure deployment looks like" later in this README.
For details about apps and add-ons, refer to "What are apps and
add-ons?" in the core Splunk product documentation.
To download Splunk, visit the download page on splunk.com.
To get more apps and add-ons, visit Splunk Apps (http://apps.splunk.com).
How to find more information about Splunk
If you have questions about the Splunk App for Azure, send an email
If your Splunk deployment is large or complex, you might want to
engage a member of Splunk's Professional Services team to assist
Find more information about Splunk
You've got a variety of options for finding more information about Splunk:
- The core Splunk documentation (http://docs.splunk.com)
- Splunk Answers (http://answers.splunk.com)
- The #splunk IRC channel on EFNET
Before you deploy
Read the following sections on the requirements for deploying the
Splunk Add-on for Azure.
Platform and hardware requirements
A Splunk Add-on for Azure installation requires the following components:
- .NET Framework 4.5 (http://www.microsoft.com/en-us/download/details.aspx?id=30653)
- The Windows Azure Storage Client dynamic link library (DLL)
(WindowsAzure.StorageClient.dll) version 6.0.6002.18488 (from
WindowsAzure Storage version 18.104.22.168)
- The NuGet command-line utility, which allows you to download the
above-mentioned DLL (http://nuget.org/nuget.exe)
What versions of Splunk does the add-on support?
All full Splunk instances require version 6.0.1 or later.
All Splunk universal forwarders require version 6.0.1 or later.
What a Splunk Add-on for Azure installation looks like
The Splunk App for Azure installs onto a full Splunk instance or a
universal forwarder that runs on Windows. The app connects to Windows
Azure using HTTP Representational State Transfer (REST) calls, based
on Azure storage name and key credentials you provide.
If you install the Splunk App for Azure onto a forwarder, that
forwarder sends Azure diagnostic data to the indexer you specify
when you set up the forwarder.
How to deploy the Splunk App for Azure
You can install the Splunk Add-on for Azure on a full instance of
Splunk or a universal forwarder. To install the add-on, follow these
Install the Splunk Add-on for Azure onto Splunk version 6.0 and later
If your Splunk Add-on for Azure instance runs Splunk version 6.0, use
these instructions to install the app.
1. On a Windows system, install the .NET Framework version 4.5.
   Note: You might need to restart your system after installing this software.
2. Next, download the NuGet command-line utility (http://nuget.org/nuget.exe)
   from NuGet Gallery and save it to an accessible location.
3. Install full Splunk or a universal forwarder onto the system.
   Important: If you are installing a universal forwarder, you must
   configure a receiving indexer or a deployment server for the forwarder
   to retrieve configurations. Read "Deploy a Windows universal forwarder
   via the installer GUI"
   in the core Splunk documentation for additional forwarder configuration
4. Download the Splunk App for Azure installation package from
   Splunk Apps and save it to an accessible location.
5. Unpack the contents of the Splunk App for Azure as follows:
   a. Unpack the SplunkAzure.tar file into %SPLUNK_HOME%\etc\apps.
   Note: On a full instance of Splunk, you can also install the Splunk
   App for Azure by uploading the tar file with Splunk Web.
6. From a command prompt, change to the directory where you downloaded
   the NuGet utility above and run the following commands to download
   and install the Windows Azure Storage Client DLL:
   a. nuget.exe Install WindowsAzure.storage -Version 22.214.171.124
   b. copy C:\WindowsAzure.Storage.126.96.36.199\lib\net35-full\Microsoft.WindowsAzure.StorageClient.dll %SPLUNK_HOME%\etc\apps\SplunkAzure\bin
   Note: Exact directory paths for the DLL might vary; you can
   use Explorer to find the DLL and move it to your Splunk App
   for Azure binary directory.
7. Restart Splunk for the changes to take effect.
Configure the Splunk Add-on for Azure on a forwarder
1. Using a text editor, open %SPLUNK_HOME%\etc\apps\SplunkAzure\local\inputs.conf for editing.
   Note: The inputs.conf that comes with the Splunk App for Azure
   includes sample stanzas which you can modify for your specific Azure
   configuration. The key attributes you must provide details for are:
   - storageAccountKey = Your Windows Azure storage account key
   - storageAccountName = Your Windows Azure storage account name
   - type: The type of Windows Azure diagnostic you want to collect data on.
     It can be one of:
   You might need to create inputs.conf in %SPLUNK_HOME%\etc\apps\SplunkAzure\local if it does not exist there.
2. Add any other desired attributes to the file as needed.
   Note: For information about available attributes for inputs.conf,
   read the inputs.conf spec file page
3. Save the file.
4. Restart Splunk for the changes to take effect.
The Splunk universal forwarder will send Azure diagnostic data that
it collects to the indexer you specified when you set up the
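
A check you can run over local\inputs.conf before restarting Splunk, given here as an added example that is not part of the add-on or its original README. It confirms that each stanza carries the three attributes named above and that the storage key is a real key rather than leftover sample text, without ever printing the key. The stanza names and the type value in the sample are constructed placeholders; the 64-byte length check assumes the standard base64-encoded 512-bit Azure storage account key.

```python
import base64
import binascii
import configparser

REQUIRED = ("storageAccountKey", "storageAccountName", "type")

# Constructed sample: stanza names and values are placeholders, not the add-on's own.
SAMPLE = """
[azure-example://good]
storageAccountName = examplestorage
storageAccountKey = {key}
type = EXAMPLE_TYPE

[azure-example://bad]
storageAccountName = examplestorage
storageAccountKey = Your Windows Azure storage account key
""".format(key=base64.b64encode(bytes(64)).decode())


def key_problem(value):
    """Return a description of what is wrong with a storage key, or None."""
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return "storageAccountKey is not valid base64 (placeholder left in?)"
    if len(raw) != 64:  # assumption: 512-bit Azure storage account key
        return "storageAccountKey decodes to %d bytes, expected 64" % len(raw)
    return None


def lint_inputs(text):
    """Check every stanza for the required attributes; never echo the key."""
    parser = configparser.RawConfigParser(strict=False)
    parser.optionxform = str  # keep attribute names case-sensitive
    parser.read_string(text)
    findings = []
    for stanza in parser.sections():
        for attr in REQUIRED:
            if not parser.get(stanza, attr, fallback="").strip():
                findings.append((stanza, "missing " + attr))
        key = parser.get(stanza, "storageAccountKey", fallback="").strip()
        problem = key_problem(key) if key else None
        if problem:
            findings.append((stanza, problem))
    return findings


if __name__ == "__main__":
    for stanza, message in lint_inputs(SAMPLE):
        print("[%s] %s" % (stanza, message))
```

To check a real file, pass its contents to lint_inputs() in place of SAMPLE; findings name the stanza and the problem only, so the output is safe to paste into a ticket.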