Downloading Splunk Add-on for Microsoft Azure
  • MD5 checksum (splunk-add-on-for-microsoft-azure_123.tgz) 4e5718edab5e40c595853aab2914bdc7
  • MD5 checksum (splunk-add-on-for-microsoft-azure_122.tgz) 8a14fd0fbda77c66522d9f58dfc595d8
  • MD5 checksum (splunk-add-on-for-microsoft-azure_121.tgz) 4583bf5a39bb8e10f20a0a030079471f
  • MD5 checksum (splunk-add-on-for-microsoft-azure_120.tgz) d34e3939a67502fedc934228b594a135
  • MD5 checksum (splunk-add-on-for-microsoft-azure_110.tgz) 32a778ab55d8b9f6c7aac6747ee2b0f1
  • MD5 checksum (splunk-add-on-for-microsoft-azure_100.tgz) 1e9a7a000299473e66e40517527e5459

Splunk Add-on for Microsoft Azure

This add-on has been deprecated. Please use the Splunk-supported Splunk Add-on for Microsoft Cloud Services at https://splunkbase.splunk.com/app/3110/

The Splunk Add-on for Microsoft Azure collects valuable diagnostic, performance, audit, and security data for your infrastructure and websites running in Microsoft Azure.

Performance and diagnostic information is collected from Azure Storage Tables and Azure Storage Blobs. Audit data is collected from the Azure Insights Events API. Network Security Group data is collected from Azure Storage Blobs. Several prebuilt panels are included with this add-on. See the "Documentation" tab for more information.

Welcome to the Add-on for Azure Diagnostics

This add-on is designed to collect performance, diagnostic, and audit information from Microsoft Azure. Performance and diagnostic information is collected from Azure Storage Tables and Azure Storage Blobs. Audit data is collected from the Azure Insights Events API. Network Security Group data is collected from Azure Storage Blobs.

Prerequisites

For Performance and Diagnostics:

  1. An Azure Storage Account
  2. Azure Virtual Machine(s) and/or Azure Website(s) that write diagnostic information to an Azure storage account
  3. Azure Storage Account Access Key

For Audit:

  1. An Azure Active Directory application - refer to the document titled "Azure Audit Setup Instructions.pdf" in the docs directory within the add-on for step-by-step instructions.

For Network Security Groups (NSG):

  1. An Azure Storage Account
  2. Network Security Group(s) logging data to Azure Storage Blob(s)
  3. Azure Storage Account Access Key

Setup

There are 2 steps involved in setting up Splunk to consume diagnostic information from Azure:

  1. Set up Azure Virtual Machine(s) and/or Azure Website(s) to log diagnostic information to an Azure Storage Account
  2. Set up Splunk to read the diagnostic logs

Setting up Azure Virtual Machines to log diagnostic information to an Azure Storage Account

  • Log in to your Azure portal
  • Click on the "Virtual Machines" menu item
  • Select the Virtual Machine you want to configure
  • Click "Diagnostics" in the "Settings" blade
  • Select your Azure Storage Account and the items to be logged to the account

Note about WAD Metrics PT1M and PT1H tables

These two tables collect further detailed metric data aggregated to either 1 minute or 1 hour. It is not recommended to enable data collection on both of these tables, as duplicate information will be logged to Splunk.

Setting up Azure Websites to log diagnostic information to an Azure Storage Account

  • Log in to your Azure portal
  • Locate your website
  • In the "Settings" blade, choose Diagnostics logs
  • Select your Azure Storage Account and the items to be logged to the account

Setting up Splunk to read Azure diagnostic logs

  • Within Splunk, click Settings -> Data inputs
  • Click the "Azure Diagnostics" input or "Azure Website Diagnostics" input
  • Click on the "New" button to create a new data input
  • Give the input a unique name
  • Supply the name of the Azure Storage account containing the log data
  • Supply the Azure Storage account access key - refer to the section below for details on how to obtain your storage account access key
  • Optional: Specify a polling interval (this interval is how often the input checks for new data)
  • Optional: Specify a starting date/time

How to obtain your Azure Storage Account access key

  • Log in to your Azure portal
  • Click "All resources" in the menu
  • Select the Storage Account that contains the diagnostic information
  • Click "Access keys" in the "Settings" blade

What Data is Collected?

The add-on currently pulls data from the following data sources:

Azure Storage Tables

  • Windows Event Logs - via WADWindowsEventLogsTable
  • Base performance counters - via WADPerformanceCountersTable
  • Metrics (1 minute aggregates) - via WADMetricsPT1M tables
  • Metrics (1 hour aggregates) - via WADMetricsPT1H
  • Infrastructure Diagnostics - via WADDiagnosticInfrastructureLogsTable

Azure Blob Tables

  • Webserver logging
  • Web application logging

Add Prebuilt Panels to Dashboards

This Add-on contains several prebuilt panels that you can add to your own custom dashboards. For more information about this, check out the Splunk documentation on dashboard panels.

Release Notes

Version: 1.2.3

Aug. 17, 2016, 4:06 a.m.

Platform Independent

6.4, 6.3, 6.2

Version: 1.2.2

Azure Audit bug fixes

June 1, 2016, 1:41 a.m.

Platform Independent

6.4, 6.3, 6.2, 6.1

Version: 1.2.1

  • Bug fix in table collector
  • NSG panel added

May 10, 2016, 7:31 p.m.

Platform Independent

6.4, 6.3, 6.2, 6.1, 6.0

Version: 1.2.0

  • Added support for Network Security Groups
  • Added support for generic Azure Storage Tables

April 25, 2016, 10:05 p.m.

Platform Independent

6.4, 6.3, 6.2, 6.1

Version: 1.1.0

This release adds support for Azure Audit Logs

March 24, 2016, 9:28 p.m.

Platform Independent

6.4, 6.3, 6.2, 6.1, 6.0

Version: 1.0.0

This add-on is designed to collect performance and diagnostic information from Microsoft Azure. Performance and diagnostic information is collected from Azure Storage Tables and Azure Storage Blobs. Several prebuilt panels are included with this add-on. See the "Documentation" tab for more information.

March 9, 2016, 9:43 p.m.

Platform Independent

6.3, 6.2, 6.1

Installs: 170
Downloads: 1,147
Version: 1.2.3
Category: IT Operations
Product Support: Splunk Enterprise, Splunk IT Service Intelligence
Content Type: Add-on
Splunk Versions: 6.4, 6.3, 6.2
Licensing: PRE RELEASE SOFTWARE LICENSE AGREEMENT
Platforms: Platform Independent
Built by: Jason Conger

© 2005-2016 Splunk Inc. All rights reserved.
Splunk®, Splunk>®, Listen to Your Data®, The Engine for Machine Data®, Hunk®, Splunk Cloud™, Splunk Light™, SPL™ and Splunk MINT™ are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners.