Azure monitor add on for plunk - https://github.com/Microsoft/AzureMonitorAddonForSplunk/wiki/Azure-Monitor-Addon-For-Splunk
This specifically talks about integration with splunk Enterprize and NOT splunk CLOUD.
Below are the queries -
The Azure Monitor Add-on for Splunk can send data to Splunk Cloud. You would need to run the add-on on a Heavy Weight Forwarder that you own. The forwarder would gather data from Azure and forward on to Splunk Cloud.
Splunk does not delete anything from Storage Accounts (or Event Hubs for that matter). The retention polices set in Azure control how long the data stays around in Azure.
getting below error while running npm install as part of TA configuration.
npm WARN package.json firstname.lastname@example.org No repository field.
npm WARN package.json email@example.com No README data
npm ERR! Linux 3.10.0-693.2.2.el7.x86_64
npm ERR! argv "/usr/bin/node" "/usr/bin/npm" "install"
npm ERR! node v0.10.46
npm ERR! npm v2.15.1
npm ERR! code ECONNRESET
npm ERR! network tunneling socket could not be established, cause=read ECONNRESET
npm ERR! network This is most likely not a problem with npm itself
npm ERR! network and is related to network connectivity.
npm ERR! network In most cases you are behind a proxy or have bad network settings.
npm ERR! network
npm ERR! network If you are behind a proxy, please make sure that the
npm ERR! network 'proxy' config is set properly. See: 'npm help config'
npm ERR! Please include the following file with any support request:
npm ERR! /opt/splunk/etc/apps/TA-Azure_Monitor/bin/app/npm-debug.log
fixed this. this is issue with proxy.
Found this useful.
If you are behind a proxy, set it correctly in npm. >npm config set proxy http://proxyhost:proxyport >npm config set https-proxy http://proxyhost:proxyport Notes: For SSL/https proxies, the protocol in URL should be http not https
I had set https-proxy with https. it was supposed to be http.