Re: Microsoft Azure Add-on for Splunk - non-intera...

wstarowicz · ‎10-22-2020

Hi, I'm trying to get Sign-ins for Azure. It seems that add-on is only fetching interactive sign-ins and not-interactive not. IS there a possibility to fetch these also? They are showing in Azure console as "User sign-ins (non-interactive)"

.

hughkelley · ‎06-09-2021

Azure AD sign-in logs -> Azure event hub -> Splunk.

Just make sure you're using v4.1.3 of the Splunk Add-on for Microsoft Cloud Services. Prior versions didn't handle event hubs properly.

https://splunkbase.splunk.com/app/3110/

hughkelley · ‎06-02-2021

The latest version of the Splunk Add-on for Microsoft Cloud Services (4.1.3) reads from event hubs. You can send the non-interactive sign-in Azure logs to an event hub and then consume from there.

hughkelley · ‎05-27-2021

I'm looking for the same. Based on this blog and my poking around the Graph API, I don't think they're easily accessible.

https://www.michev.info/Blog/Post/3127/azure-ad-sign-in-logs-for-service-principals-and-other-recent...

I'm looking into the Log Analytics Space -> Splunk options now.

Microsoft Azure Add-on for Splunk - non-interactive signins

configuration

development

troubleshooting

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

May 2026 Splunk Expert Sessions: Security & Observability

Join the Conversation