Which approch is easier to implement- installing U...

Koko12345678 · ‎07-16-2018

from what I understood with Splunk Add-on for Microsoft Cloud Services, there are some configuration that I will have to perform, while with UF just an installation is required, which approach is preferred? and why?

thanks

Koko12345678 · ‎07-16-2018

Thanks for the answer, but I still don't understand what is the benefit of using one over the other.
let's assume I used UF before it's more familiar to me, why should I'll want to work with new configuration of the add on?

kmorris_splunk · ‎07-16-2018

In my opinion, the Splunk Add-on for Microsoft Cloud Services would be the better route. As with any Splunk Add-on, you will have the added value of things like field extractions. The Add-on also communicates via API, so I'm not even sure you could easily get at the same data. Also, you would still have to configure a Universal Forwarder to point it at the data sources you want to ingest, with the added task of extracting fields.

Here is a link to a blog post which helps with the configuration of the Add-on. I have had a few customers successfully utilize this post when configuring the Add-on.

https://www.splunk.com/blog/2017/07/27/splunking-microsoft-cloud-data-part-1.html

Koko12345678 · ‎07-16-2018

Thanks for the answer, but I still don't understand what is the benefit of using one over the other.
let's assume I used UF before it's more familiar to me, why should I'll want to work with new configuration of the add on?

Which approch is easier to implement- installing Universal Forwarder(UF) or using the Splunk Add-on for Microsoft Cloud Services

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!