All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Streaming Intune data to Splunk via Azure Event Hub

JMLboro
Engager
‎09-15-2023 03:39 AM

Hi,

I've searched the forums and found one thread about getting Intune data in to Splunk which set me on a path, hopefully, to getting the data in.

I'm working through the guidance here - Splunk Add-on for Microsoft Cloud Services - Splunk Documentation

I have requested and got an Event Hub from the team that look after Azure infrastructure. I've created the Azure app registration, set the API permissions, Access control on the Event Hub, and can see this is being successfully signed in to having configured the Splunk add-on side as well. 

I'm not seeing any data come in to the index though. The one thing I'm unclear on and I haven't been able to work out the definitive answer to is whether I need an Azure storage account in order to store the date.

My reading of the Event Hub configuration options suggested to me that it was capable of some form of retention to allow streaming elsewhere (e.g. setting the retention time) but perhaps that is me misinterpreting it. 

Has anyone successfully got this working and if so, are you using a storage account with this? 

Labels (1)
Labels
0 Karma
Reply

JMLboro
Engager
‎09-15-2023 03:57 AM

I should probably add that we're very early on in our Intune configuration and deployment so there isn't a huge amount going on yet but I've tried generating some test data in the Event Hub itself. 

0 Karma
Reply

JMLboro
Engager
‎01-03-2024 04:54 AM

Turned out I'd misnamed the Event Hub Name by using the namespace instead... sorted now. 

0 Karma
Reply
Get Updates on the Splunk Community!

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

Join us on Wed, Dec 10. at 10AM PST / 1PM EST for a live webinar and demo with Splunk experts! Discover how ...

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

If you’re unfamiliar, .conf is Splunk’s premier event where the Splunk community, customers, partners, and ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

There’s something special about this time of year—maybe it’s the glow of the holidays, maybe it’s the ...