What are the differences between the Microsoft Azure Add-on for Splunk and the Add-on for Microsoft Cloud Services? Is there any overlap, or does each add-on pull from separate Azure event types (sourcetypes)?
It's very confusing to try to see and compare which Microsoft cloud-related add-on does what and pulls from which log source.
Thx
It's mainly the inputs. The Splunk Add-on for Microsoft Cloud Services (MSCS) collects 5 main things:
The Microsoft Azure Add-on for Splunk has 15 inputs. I won't list them all, but here are a few:
A more detailed rundown of the add-ons can be found here -> http://bit.ly/Splunk_Azure_Add-ons
Same way can we have details on Azure add-on Monitor also?
Is the sourcetype [mscs:azure:security:recommendation] still part of Splunk Add-on for Microsoft Cloud Services?
I have enabled all the inputs, but this sourcetype does not show up. The dashboard, Security Center Recommendations, in Splunk App Template for Microsoft Azure is blank.
With these add-ons grabbing from the same general source, am I able to use the same App Registration for both? Or will there be conflicts for the Inputs?
Second part... these both go to an IDM, correct?
Thx a million for the reply and the link to the spreadsheet, as that is a great matrix. Was worried that there would be overlap between the two add-ons, as I already have the Microsoft Azure Add-on for Splunk installed and was looking at how to pull the other Azure service events, and it appears that MSCS will get me that info without duplicating what the Azure add-on does.
Thx so much!