We evaluated the Splunk Add-on for Microsoft Cloud Services some time back, and it was clear that it hooked the various O365 and Azure management and service APIs.
However, Microsoft (MS) offers log aggregation through OMS Log Analytics, which itself has a search API that can consolidate and expose all logs from O365 and Azure.
This means a lot less work on the Splunk side in order to pull logs and events, when using a broad cloud toolset.
Does the add-on have any support for the OMS Log Analytics API? If not, are there plans to add it? Failing that, could a generic REST API add-on provide the same function in order to simply pull all logs and events that are exposed?
No, but I’ve got an OMS inputs app coming soon. Hang tight, it’s going through testing right now.
Hi, did this OMS input app get done? I want to query OMS, and don't think the Microsoft Cloud Services App does it.