I've tried searching the Internet far and wide for some guidance. I've installed the Microsoft Azure Billing Add-on in my Splunk instance and successfully configured it with our Azure tenancy subscription, as I can see data being ingested.
My question is, does anyone have any example queries or dashboards they could share with me in querying some of this data? Some useful reports that could be used for the purposes of viewing billing details.
Would really appreciate some direction.
Did you get any examples to share?
- It is amazing how much detail is in each of these JSON structured Billing records.
- On the other hand, getting this 24+ hours later is an issue.
Here is one overview search by subscription, cumulative from beginning of month:
sourcetype="azure:billing" earliest=@mon latest=-1d@h | spath properties.pretaxCost | dedup name | bucket _time span=1d | timechart sum("properties.pretaxCost") AS cost by properties.subscriptionName | streamstats sum(*) as *
Choose visualization as stacked area chart.
Note: The dedup on "name" is to remove duplicate billing records.
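An offline cross-check of the search above, as an added example that is not part of the original answer: it applies the same dedup on `name`, daily bucketing and per-subscription running sum to constructed records, and shows how much duplicate records inflate the totals. The `_time` key, the sample values and the helper name `cumulative_cost` are assumptions made for illustration.

```python
import json
from collections import defaultdict

# Constructed sample events (not real billing data). Only the fields used by the
# search are modelled; the "_time" key is an assumed stand-in for the event time.
SAMPLE_EVENTS = [
    '{"_time": "2024-03-01T02:00:00Z", "name": "rec-a", "properties": {"subscriptionName": "Prod", "pretaxCost": 10.0}}',
    '{"_time": "2024-03-01T02:00:00Z", "name": "rec-a", "properties": {"subscriptionName": "Prod", "pretaxCost": 10.0}}',
    '{"_time": "2024-03-01T03:00:00Z", "name": "rec-b", "properties": {"subscriptionName": "Dev", "pretaxCost": 4.0}}',
    '{"_time": "2024-03-02T02:00:00Z", "name": "rec-c", "properties": {"subscriptionName": "Prod", "pretaxCost": 5.0}}',
    '{"_time": "2024-03-02T03:00:00Z", "name": "rec-d", "properties": {"subscriptionName": "Dev", "pretaxCost": 6.0}}',
    '{"_time": "2024-03-02T03:00:00Z", "name": "rec-d", "properties": {"subscriptionName": "Dev", "pretaxCost": 6.0}}',
    '{"_time": "2024-03-03T02:00:00Z", "name": "rec-e", "properties": {"subscriptionName": "Prod", "pretaxCost": 2.5}}',
]


def cumulative_cost(events, dedup=True):
    """Return {day: {subscription: running total}}, like the search's final table."""
    seen = set()
    daily = defaultdict(lambda: defaultdict(float))
    for raw in events:
        rec = json.loads(raw)
        if dedup:
            # Equivalent of "dedup name": keep the first record seen per name.
            if rec["name"] in seen:
                continue
            seen.add(rec["name"])
        day = rec["_time"][:10]  # equivalent of a 1-day time bucket
        props = rec["properties"]
        daily[day][props["subscriptionName"]] += float(props["pretaxCost"])

    subs = sorted({s for per_day in daily.values() for s in per_day})
    running = dict.fromkeys(subs, 0.0)
    table = {}
    for day in sorted(daily):
        # Equivalent of "streamstats sum(*) as *": carry totals forward per column.
        for s in subs:
            running[s] += daily[day].get(s, 0.0)
        table[day] = dict(running)
    return table


if __name__ == "__main__":
    for label, flag in (("with dedup", True), ("without dedup", False)):
        print(label)
        for day, totals in cumulative_cost(SAMPLE_EVENTS, dedup=flag).items():
            print(" ", day, totals)
```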