Splunk cloud with Azure

New Member

Azure Monitor Add-on for Splunk -

This specifically talks about integration with Splunk Enterprise and NOT Splunk CLOUD.
Below are the queries -

  1. Can Splunk Cloud read data from Event Hub?
  2. If no for #1, then do we need to configure everything to read from Storage Accounts only?
  3. After reading from the storage account, will Splunk delete the data which is already read and ingested in Splunk? Or do we have to clean up data from the storage account periodically?

Splunk Employee

The Azure Monitor Add-on for Splunk can send data to Splunk Cloud. You would need to run the add-on on a Heavy Weight Forwarder that you own. The forwarder would gather data from Azure and forward on to Splunk Cloud.

Splunk does not delete anything from Storage Accounts (or Event Hubs for that matter). The retention policies set in Azure control how long the data stays around in Azure.


Super Champion

Hi jconger,

Getting the below error while running npm install as part of TA configuration.

npm WARN package.json azure_monitor@1.2.0 No repository field.
npm WARN package.json azure_monitor@1.2.0 No README data
npm ERR! Linux 3.10.0-693.2.2.el7.x86_64
npm ERR! argv "/usr/bin/node" "/usr/bin/npm" "install"
npm ERR! node v0.10.46
npm ERR! npm v2.15.1

npm ERR! network tunneling socket could not be established, cause=read ECONNRESET
npm ERR! network This is most likely not a problem with npm itself
npm ERR! network and is related to network connectivity.
npm ERR! network In most cases you are behind a proxy or have bad network settings.
npm ERR! network
npm ERR! network If you are behind a proxy, please make sure that the
npm ERR! network 'proxy' config is set properly. See: 'npm help config'

npm ERR! Please include the following file with any support request:
npm ERR! /opt/splunk/etc/apps/TA-Azure_Monitor/bin/app/npm-debug.log

If this helps, give a like below.

Super Champion

Fixed this. This is an issue with the proxy.

Found this useful.

If you are behind a proxy, set it correctly in npm.

>npm config set proxy http://proxyhost:proxyport
>npm config set https-proxy http://proxyhost:proxyport

For SSL/https proxies, the protocol in the URL should be http, not https.

I had set https-proxy with https. It was supposed to be http.

If this helps, give a like below.