Connect to your Azure Account with Splunk Add on for Microsoft Azure - splunk/splunk-add-on-microsoft-azure GitHub Wiki
Connect between the Splunk Add-on for Microsoft Azure and your Azure account so that you can ingest your Microsoft Azure data into the Splunk platform. You can configure this connection using Splunk Web on your data collection node (recommended), or using the configuration files. To create an Azure App account, you need a Global Administrator to grant you the permissions.
Before you complete these steps, follow the directions in Create an Azure AD App Registration to prepare your Microsoft account for this integration.
Access Splunk Web on the node of your Splunk platform installation that collects data for this add-on.
- Launch the add-on, then click Configuration.
- Click Account > Add.
- Enter a friendly Name for the account.
- Enter the Client ID and Client Secret.
- Click Add.
If you do not have access to Splunk Web on your data collection node, you can configure the connection to your account using the configuration files.
- Create or open
$SPLUNK_HOME/etc/apps/TA-MS-AAD/local/ta_ms_aad_account.conf. - Add the following stanza:
[<account_stanza_name>]
username = <value>
password = <value>
| Attribute | Corresponding name in Splunk Web | Description |
|---|---|---|
account_stanza_name |
Name | Enter a friendly name for your Azure app account |
username |
Client ID | Use the Client ID that Azure AD automatically assigned to your integration application |
password |
Client Secret | Enter the password for Client ID |
- Configure the desired inputs. Refer to the menu on this Wiki for input-specific configuration options.
