All Apps and Add-ons

Splunk Add-on for Microsoft Cloud Services: NO Azure Audit logs.

New Member

I created Azure Audit input. I have no logs when I open 'Search tab' and search for logs by index(specified when creating Audit input).
User which I use in 'Azure App Account' is Global administrator in azure.

What I'm doing wrong?

0 Karma

Path Finder

I had to have our Azure admin enter his creds while remoted into my pc when I was setting up the app's configs/API integrations when it prompted to sign in after setting the API key etc for the app to use.

0 Karma

New Member

I basically have the same issue, but I do know it's a permissions issue. My splunk logs show this error:
APIError: "status=403, error_code=AuthorizationFailed, error_msg=The client 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx1133' with object id ''xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx1133' does not have authorization to perform action 'microsoft.insights/eventtypes/values/read' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx12f4'."

I thought I configured everything correctly, but it's not pulling it. I use the same Active Directory Application in Azure AD for pulling Office 365 Management API Inputs and that works fine.

0 Karma
Don’t Miss Global Splunk
User Groups Week!

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!