This add-on collects data from Microsoft Azure including the following:
Unless otherwise noted, all supported add-ons can be safely installed to all tiers of a distributed Splunk platform deployment. See Where to install Splunk add-ons in Splunk Add-ons for more information.
This table provides a reference for installing this specific add-on to a distributed deployment of Splunk Enterprise.
|Splunk platform component||Supported||Required||Comments|
|Search Heads||Yes||Yes||This add-on contains search-time knowledge. It is recommended to turn visibility off on your search heads to prevent data duplication errors that can result from running inputs on your search heads instead of (or in addition to) on your data collection node.|
|Heavy Forwarders||Yes||No (but recommended)||It is recommended to install this add-on on a heavy forwarder for data collection. Data collection should be configured in only 1 place to avoid duplicates.|
|Indexers||Yes||No||Not required as the parsing operations occur on the forwarders.|
|Universal Forwarders||No||No||Universal forwarders are not supported for data collection because the modular inputs require Python and the Splunk REST handler.|
Ensure the prerequisites are met above.
Refer to the README.md file included in this package for details.
Added a check for number of threads in the metrics input to ensure no more than 25 threads can be specified. This is a necessary check for Splunk Cloud.
* Added Instance View collection for Virtual Machines. Instance View keeps track of the provisioning and power state of Virtual Machines.
* Fixed an issue with Security Center Alerts and Tasks retrieving duplicate records.
Consolidates the following add-ons into this one add-on:
- Microsoft Azure Billing Add-on for Splunk
- Microsoft Azure Active Directory Add-on for Splunk
- Microsoft Azure Metadata Inventory Add-on for Splunk
Added inputs for the following:
- Event Hubs
- Resource Graph
- Reservation Recommendations
Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.