Source types for the Splunk Add on for Microsoft Azure - splunk/splunk-add-on-microsoft-azure GitHub Wiki

The Splunk Add-on for Microsoft Azure provides the index-time and search-time knowledge for Microsoft Azure data in the following formats:

Data source	Default sourcetype(s)
Azure Active Directory Interactive Sign-ins	`azure:aad:signin`
Azure Active Directory Users	`azure:aad:user`
Azure Active Directory Groups	`azure:aad:group`
Azure Active Directory Audit	`azure:aad:audit`
Azure Active Directory Risk Detection	`azure:aad:risk:detection`
Azure Active Directory Devices	`azure:aad:device`
Metrics	`azure:metrics`
Security Center	`azure:securityCenter:alert` `azure:securityCenter:task`
Subscriptions	`azure:subscriptions`
Resource Groups	`azure:resource:group`
Virtual Networks	`azure:vnet` `azure:vnet:nic` `azure:vnet:nsg` `azure:vnet:ip:public`
Compute	`azure:compute:vm` `azure:compute:disk` `azure:compute:image` `azure:compute:snapshot`
Azure Billing and Consumption	`azure:billing`
Azure Reservation Recommendation	`azure:reservation:recommendation`
Azure Resource Graph	`azure:resourcegraph`
Azure Topology (automatic)	`azure:topology`
Azure Topology (manual)	`azure:topology`