Solved: Re: V 2.0 With this app having an integration with...

Esky73 · ‎10-21-2019

Does this pull the same metrics from Event hubs as Azure_monitor ?

Activity log, ?
Diagnostic ?
Metrics, ?

thanks.

jconger · ‎10-22-2019

Yes, this add-on pulls in the same Event Hub data (Activity Log and Diagnostic Logs) as the Azure Monitor add-on. The setup experience in the MS Azure Add-on for Splunk is simplified as well - all you need is the Event Hub connection string and the name of the Event Hub you want to query. You don't need a key vault or service principal.

Also, this add-on collects metrics from the same place the Azure Monitor add-on uses ( https://docs.microsoft.com/en-us/azure/azure-monitor/platform/metrics-supported ).

View solution in original post

jconger · ‎10-22-2019

Yes, this add-on pulls in the same Event Hub data (Activity Log and Diagnostic Logs) as the Azure Monitor add-on. The setup experience in the MS Azure Add-on for Splunk is simplified as well - all you need is the Event Hub connection string and the name of the Event Hub you want to query. You don't need a key vault or service principal.

Also, this add-on collects metrics from the same place the Azure Monitor add-on uses ( https://docs.microsoft.com/en-us/azure/azure-monitor/platform/metrics-supported ).

Esky73 · ‎10-22-2019

Thanks Jason

V 2.0 With this app having an integration with Eventhubs whats the Overlap and gaps between the Azure Monitor App ?

Splunk Cloud | Empowering Splunk Administrators with Admin Config Service (ACS)

Tech Talk | One Log to Rule Them All

Splunk Security Content for Threat Detection & Response, Q1 Roundup