Think you could ping me so we could chat about it? I feel like I've set this up ok but no data... 😕
Ok here is the real way to do this 🙂
https://answers.splunk.com/answers/678660/how-to-really-get-logs-from-azure-and-o365-into-sp.html
I'm not sure either. All the instructions say to get the *.SPL file from the packages folder. There is no file there. It should also install to $SPLUNK_HOME/etc/apps/TA-Azure_Monitor. But there is only a way to clone the zip from Git, so it actually installs to $SPLUNK_HOME/etc/apps/AzureMonitorAddonForSplunk-master
So... you have to be on version 6.6+ of Splunk and you have to be running this from an Azure Marketplace Splunk Enterprise version in your Azure subscription... you can then send via outputs.conf to your Splunk core...
Hi @marycordovacaa,
Does Splunk version 7.0.0 support this add-on? I am not getting any data after doing the configurations.
Thank you!
Hey... I guess I should set up some email notifications so I see these sooner... sorry 😞
Anyway, do you have this running on the Azure Marketplace Splunk deployment? It only works there.
I do actually have a whole new way of doing this that actually works without using any of the various TAs.
I'll do a write-up and post a link to it for you.