How to send data to Splunk from Azure Event Hub?

pcontreras — Fri, 21 Oct 2022 19:54:52 GMT

Hello there!

I've been ingesting data from Azure Storage Explorer via the Splunk Add-On for Microsoft Cloud Services app, however, I now wish to ingest data from an Azure Event Hub.

I know I can either create an input in the same app or use the Microsoft Azure Add-on for Splunk app. Is there a way to specify which partition to collect data from? Furthermore, is there a way to send data to different indexes and sourcetypes from 1 Event Hub?

I'm working on Splunk Cloud, so I currently don't have access to config files.

Thanks in advance!

Re: How to send data to Splunk from Azure Event Hub?

FrankVl — Mon, 31 Oct 2022 13:00:05 GMT

if you're familiar with Azure Logic Apps, you could consider using those to get events from the Event Hub and push them to a Splunk HEC input. The logic app can then also contain some logic to assign different index/sourcetype etc. to the data (as part of the HEC metadata fields).

I just noticed someone also built a Splunk App around that approach: https://splunkbase.splunk.com/app/6223

topic How to send data to Splunk from Azure Event Hub? in Getting Data In

How to send data to Splunk from Azure Event Hub?

Re: How to send data to Splunk from Azure Event Hub?