This add-on collects data from Microsoft Azure including the following:
Unless otherwise noted, all supported add-ons can be safely installed to all tiers of a distributed Splunk platform deployment. See Where to install Splunk add-ons in Splunk Add-ons for more information.
This table provides a reference for installing this specific add-on to a distributed deployment of Splunk Enterprise.
|Splunk platform component||Supported||Required||Comments|
|Search Heads||Yes||Yes||This add-on contains search-time knowledge. It is recommended to turn visibility off on your search heads to prevent data duplication errors that can result from running inputs on your search heads instead of (or in addition to) on your data collection node.|
|Heavy Forwarders||Yes||No (but recommended)||It is recommended to install this add-on on a heavy forwarder for data collection. Data collection should be configured in only 1 place to avoid duplicates.|
|Indexers||Yes||No||Not required as the parsing operations occur on the forwarders.|
|Universal Forwarders||No||No||Universal forwarders are not supported for data collection because the modular inputs require Python and the Splunk REST handler.|
Upgrades of the same major version are supported. For example, upgrading from version 2.0.0 to 2.1.0 will work. However, upgrading from version 2.x to 3.x will not work and will cause errors.
Ensure the prerequisites are met above.
Refer to the README.md file included in this package for details.
* Added API version selection for REST inputs
* Removed restart requirements after install
* Updated billing and consumption input
* Improved compatibility with the Splunk Add-on for Microsoft Cloud Services
* Event Hub input deprecated. Please use the Splunk Add-on for Microsoft Cloud Services https://splunkbase.splunk.com/app/3110/
* New input - Microsoft Azure Active Directory Devices
* New input - Microsoft Azure Active Directory Risk Detections
* Fixed an issue where Azure Active Directory sign-in events were truncated
Added support for Azure Gov
Added support for Azure Gov
* Updated to Splunk 8 / Python 3
* Updated the Event Hub Python library to use asyncio
* Event Hub input support for Windows
Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.