All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Data Parsing Issue - Ingesting The Logs Using Splunk Add-On For Microsoft Cloud Services

anandhalagaras1
Contributor
‎12-26-2024 05:07 AM

Hi All,

We initially received a requirement to configure and ingest logs from Azure Storage Blob. To address this, we installed the Splunk Add-On for Microsoft Cloud Services on our Heavy Forwarder servers and configured it to pull logs from Azure Storage Blob using the Azure Storage Account.

Currently, there's a new requirement to ingest Databricks logs from Azure Storage Blob. We completed the necessary configurations and set the default sourcetype to mscs:storage:blob for data parsing. While the events are visible in Splunk after the configuration, we noticed that the data parsing is not functioning as expected for these events.

As a troubleshooting step, I changed the sourcetype to mscs:storage:blob:json, but the issue still persists.

Could you please assist me in resolving this issue? Your guidance would be greatly appreciated.

 

Labels (3)
0 Karma
Reply

rishabhshah
Path Finder
‎01-06-2025 05:41 AM

Could you please share the sample raw logs and how are those looking in Splunk once they are ingested? Issues with Line breaking, timestamp assignment, field extraction?

0 Karma
Reply

kiran_panchavat
SplunkTrust
SplunkTrust
‎01-02-2025 02:16 AM

@anandhalagaras1 

Have you checked this community page?

https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-Add-on-for-Microsoft-Cloud-Services-How-... 

Did this help? If yes, please consider giving kudos, marking it as the solution, or commenting for clarification — your feedback keeps the community going!
0 Karma
Reply

anandhalagaras1
Contributor
‎01-02-2025 03:58 AM

@kiran_panchavat ,

I have tried the same as per the community page but still its the same the data are not getting parsed.

0 Karma
Reply

anandhalagaras1
Contributor
‎01-02-2025 12:05 AM

Can anyone help on my request.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Casting Call: Compete in Cyber Games

Lights, Camera, SecOps: Apply to Compete in Cyber Games     Think you have what it takes to beat the clock? ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

How Edge Processor's Durable Queue Works

Edge Processor sits in one of the most consequential places in any Splunk pipeline: between your data sources ...