The Splunk Add-on for Azure blob storage archiving application provides a robust and smart archiving framework solution for Splunk Enterprise and Azure blob storage. It relies on the Splunk built-in archiving capabilities and on Azure blob storage and tables, accessed through the Python SDK for Azure.

The framework and concept can be summarised the following way:

- Splunk automatically calls the AzFrozen2Blob.py Python script when a bucket is frozen from cold storage (assuming archiving is enabled on the index)
- The Python script accesses an Azure storage account and checks in a pre-defined Azure storage table whether that bucket ID has already been archived (this handles bucket replication for Splunk indexers in a cluster)
- If the bucket has not been archived yet, a tgz archive of the bucket is created and uploaded to the pre-defined container in Azure blob
- If the upload to blob is successful, the Python script inserts a new record in the Azure storage table with all the useful information related to this bucket
- If the upload is successful, the script exits with code 0, which instructs Splunk that the bucket can be frozen; otherwise the script exits with code 1 and a new attempt will be made automatically by Splunk

See: https://ta-azure-blob-archiving.readthedocs.io

*** This application is for Splunk Enterprise on-premise or private clouds only, and is not intended to be deployed on Splunk Cloud ***
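
The archiving flow described above, as an added Python sketch that is not the add-on's own code: plain dictionaries stand in for the Azure storage table and the blob container. The db_/rb_ bucket directory naming, the bucket key format and the function names are assumptions made for illustration.

```python
import io
import re
import tarfile
import tempfile
from pathlib import Path

# Assumption: bucket directories are named db_<newest>_<oldest>_<localid>[_<guid>]
# on the originating indexer and rb_... for a replicated copy on another peer.
BUCKET_RE = re.compile(r"^(?:db|rb)_\d+_\d+_(\d+)(?:_([0-9A-Fa-f-]+))?$")

def bucket_id(index, bucket_dir):
    """Key shared by every copy of one bucket: the db_/rb_ prefix is ignored."""
    m = BUCKET_RE.match(Path(bucket_dir).name)
    if not m:
        raise ValueError(f"not a bucket directory: {bucket_dir}")
    return f"{index}~{m.group(1)}~{m.group(2) or 'standalone'}"

def archive_bucket(index, bucket_dir, table, blobs):
    """Return the exit status for Splunk: 0 = safe to freeze, 1 = keep and retry."""
    try:
        bid = bucket_id(index, bucket_dir)
        if bid in table:  # another peer already archived this bucket
            return 0
        buf = io.BytesIO()
        with tarfile.open(fileobj=buf, mode="w:gz") as tgz:
            tgz.add(str(bucket_dir), arcname=Path(bucket_dir).name)
        name = f"{index}/{bid}.tgz"
        blobs[name] = buf.getvalue()  # stand-in for the blob upload; may raise
        # The record is written only after the upload has succeeded.
        table[bid] = {"blob": name, "bytes": len(buf.getvalue())}
        return 0
    except Exception:
        return 1  # any failure: Splunk keeps the bucket and calls the script again

def demo():
    """Constructed sample: one bucket present on two cluster peers."""
    root = Path(tempfile.mkdtemp())
    suffix = "1700000000_1690000000_12_AAAAAAAA-1111-2222-3333-444444444444"
    table, blobs, codes = {}, {}, []
    for peer, prefix in (("peer1", "db_"), ("peer2", "rb_")):
        d = root / peer / (prefix + suffix)
        (d / "rawdata").mkdir(parents=True)
        (d / "rawdata" / "journal.gz").write_bytes(b"constructed sample data")
        codes.append(archive_bucket("main", d, table, blobs))
    return codes, sorted(blobs), sorted(table)
```

In this sketch a failed table insert also returns 1, so the retry uploads the same blob name again rather than leaving an archive with no record.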