I have installed Microsoft Azure Inventory Add-on for Splunk and created and index " azure" and have added the inputs and have provided the Azure Subscription ID and Tenant ID. But I could not pull the logs from azure to Splunk. Can anyone help me in this?
You will need to add the Azure AD application registration's Client ID (a.k.a. Application ID) and Client Secret (a.k.a. Key) by going to Configuration -> Add-on Settings.
Reference -> https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-porta...
Assign the application the Reader role to your subscription(s).