topic Re: Does anyone have experience with using Data Manager for Azure and Splunk ES? in Getting Data In https://community.splunk.com/t5/Getting-Data-In/Does-anyone-have-experience-with-using-Data-Manager-for-Azure/m-p/620654#M106939 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/100202">@Junie</a>,</P><P>in a recent project, I preferred to use for Data ingestion some Add-Ons as:</P><P>Splunk Add-On for Microsoft Office 365 (<A href="https://splunkbase.splunk.com/app/4055" target="_blank">https://splunkbase.splunk.com/app/4055</A>)</P><P>Splunk Add-On for Microsoft Azure (<A href="https://splunkbase.splunk.com/app/3757" target="_blank">https://splunkbase.splunk.com/app/3757</A>)</P><P>Ciao.</P><P>Giuseppe</P> Sat, 12 Nov 2022 10:25:06 GMT gcusello 2022-11-12T10:25:06Z Does anyone have experience with using Data Manager for Azure and Splunk ES? https://community.splunk.com/t5/Getting-Data-In/Does-anyone-have-experience-with-using-Data-Manager-for-Azure/m-p/620636#M106937 <P>Hi there!&nbsp; I'm wondering if anyone out there has experience with using Data Manager for Azure onboarding.</P> <P>According to this link <A href="https://docs.splunk.com/Documentation/DM/1.7.0/User/GDIOverview#Getting_data_in_for_Microsoft_Azure" target="_blank" rel="noopener">https://docs.splunk.com/Documentation/DM/1.7.0/User/GDIOverview#Getting_data_in_for_Microsoft_Azure</A> it shows that there are only TWO supported sourcetypes, azure:monitor:aad and azure:monitor:activity.</P> <P>The searches for Enterprise Security Analytic Stories for Azure uses a macro named azuread which is looking for a specific sourcetype (mscs:azure:eventhub).&nbsp; Does DM contain that sourcetype needed for the ES stories?&nbsp; Or will I still need to be ingesting eventhub via the Splunk Add-on for Microsoft Cloud Services TA?</P> <DIV>&nbsp;</DIV> <DIV class=""> <DIV> <DIV> <DIV> <DIV class="">&nbsp;</DIV> </DIV> </DIV> </DIV> </DIV> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 11 Nov 2022 19:00:06 GMT https://community.splunk.com/t5/Getting-Data-In/Does-anyone-have-experience-with-using-Data-Manager-for-Azure/m-p/620636#M106937 Junie 2022-11-11T19:00:06Z Re: Does anyone have experience with using Data Manager for Azure and Splunk ES? https://community.splunk.com/t5/Getting-Data-In/Does-anyone-have-experience-with-using-Data-Manager-for-Azure/m-p/620654#M106939 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/100202">@Junie</a>,</P><P>in a recent project, I preferred to use for Data ingestion some Add-Ons as:</P><P>Splunk Add-On for Microsoft Office 365 (<A href="https://splunkbase.splunk.com/app/4055" target="_blank">https://splunkbase.splunk.com/app/4055</A>)</P><P>Splunk Add-On for Microsoft Azure (<A href="https://splunkbase.splunk.com/app/3757" target="_blank">https://splunkbase.splunk.com/app/3757</A>)</P><P>Ciao.</P><P>Giuseppe</P> Sat, 12 Nov 2022 10:25:06 GMT https://community.splunk.com/t5/Getting-Data-In/Does-anyone-have-experience-with-using-Data-Manager-for-Azure/m-p/620654#M106939 gcusello 2022-11-12T10:25:06Z