All Apps and Add-ons
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- Data Parsing Issue - Ingesting The Logs Using Splu...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Data Parsing Issue - Ingesting The Logs Using Splunk Add-On For Microsoft Cloud Services
anandhalagaras1
Contributor
12-26-2024
05:07 AM
Hi All,
We initially received a requirement to configure and ingest logs from Azure Storage Blob. To address this, we installed the Splunk Add-On for Microsoft Cloud Services on our Heavy Forwarder servers and configured it to pull logs from Azure Storage Blob using the Azure Storage Account.
Currently, there's a new requirement to ingest Databricks logs from Azure Storage Blob. We completed the necessary configurations and set the default sourcetype to mscs:storage:blob for data parsing. While the events are visible in Splunk after the configuration, we noticed that the data parsing is not functioning as expected for these events.
As a troubleshooting step, I changed the sourcetype to mscs:storage:blob:json, but the issue still persists.
Could you please assist me in resolving this issue? Your guidance would be greatly appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
rishabhshah
Path Finder
01-06-2025
05:41 AM
Could you please share the sample raw logs and how are those looking in Splunk once they are ingested? Issues with Line breaking, timestamp assignment, field extraction?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
kiran_panchavat
Influencer
01-02-2025
02:16 AM
Have you checked this community page?
Did this help? If yes, please consider giving kudos, marking it as the solution, or commenting for clarification — your feedback keeps the community going!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
anandhalagaras1
Contributor
01-02-2025
03:58 AM
I have tried the same as per the community page but still its the same the data are not getting parsed.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
anandhalagaras1
Contributor
01-02-2025
12:05 AM
Can anyone help on my request.
Get Updates on the Splunk Community!
Splunk Observability Cloud's AI Assistant in Action Series: Onboarding New Hires & ...
This is the fifth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...
Now Playing: Splunk Education Summer Learning Premieres
It’s premiere season, and Splunk Education is rolling out new releases you won’t want to miss. Whether you’re ...
The Visibility Gap: Hybrid Networks and IT Services
The most forward thinking enterprises among us see their network as much more than infrastructure – it's their ...
