topic A splunk command to query Azure Monitor in Splunk Dev https://community.splunk.com/t5/Splunk-Dev/A-splunk-command-to-query-Azure-Monitor/m-p/756396#M12074 <P>Azure Monitor collects metrics and logs across many different resource types. For example, if you want to view CPU and memory metrics for <EM>all</EM> App Service Plans across <EM>all</EM> subscriptions, how would you typically do that? As far as I know, most approaches require exporting this data into Splunk and then querying it from there.</P><P>But what if we had a solution that lets Splunk query Azure Monitor data <STRONG>directly</STRONG>, in real time—without ingestion? Data would remain live in Azure, and Splunk would simply query it on demand, giving us more flexibility and control.</P><P>Think about scenarios where you want to run the same query across multiple Log Analytics workspaces. This solution makes that possible as well.</P><P>Personally, I prefer Splunk’s alerting capabilities over Azure’s. If we can query Azure Monitor data directly, we can also leverage Splunk alerts without needing to ingest anything first.</P><P>If anyone is interested, I’m happy to share the initial version of the app I’ve built.</P> Thu, 11 Dec 2025 02:28:12 GMT mrnobita 2025-12-11T02:28:12Z A splunk command to query Azure Monitor https://community.splunk.com/t5/Splunk-Dev/A-splunk-command-to-query-Azure-Monitor/m-p/756396#M12074 <P>Azure Monitor collects metrics and logs across many different resource types. For example, if you want to view CPU and memory metrics for <EM>all</EM> App Service Plans across <EM>all</EM> subscriptions, how would you typically do that? As far as I know, most approaches require exporting this data into Splunk and then querying it from there.</P><P>But what if we had a solution that lets Splunk query Azure Monitor data <STRONG>directly</STRONG>, in real time—without ingestion? Data would remain live in Azure, and Splunk would simply query it on demand, giving us more flexibility and control.</P><P>Think about scenarios where you want to run the same query across multiple Log Analytics workspaces. This solution makes that possible as well.</P><P>Personally, I prefer Splunk’s alerting capabilities over Azure’s. If we can query Azure Monitor data directly, we can also leverage Splunk alerts without needing to ingest anything first.</P><P>If anyone is interested, I’m happy to share the initial version of the app I’ve built.</P> Thu, 11 Dec 2025 02:28:12 GMT https://community.splunk.com/t5/Splunk-Dev/A-splunk-command-to-query-Azure-Monitor/m-p/756396#M12074 mrnobita 2025-12-11T02:28:12Z