Solved: Azure Sign In logs in Real Time

quantrium-anant · ‎08-07-2024

Hello

I am new to Splunk.

I wish to use the sign in information from Azure AD/Entra ID. Is there a way to get these logs (sign-in logs) in real-time? Or probably even the syslog for sign-in activity?

I have been through Microsoft Log Analytics Workspace, it suggests latency for the same to be 20 sec to 3 min. Is there a way to reduce this?

Is a documentation supporting confirming the latency limits?

isoutamo · ‎08-08-2024

Hi

have you try this https://splunkbase.splunk.com/app/3757 ?

Of course if the issue is that Azure has this internal delays there is nothing that could fixed by integrations. If this is the issue, then you should contact to Azure support and ask from them if there are any workarounds for it.

r. Ismo

View solution in original post

isoutamo · ‎08-08-2024

Hi

have you try this https://splunkbase.splunk.com/app/3757 ?

Of course if the issue is that Azure has this internal delays there is nothing that could fixed by integrations. If this is the issue, then you should contact to Azure support and ask from them if there are any workarounds for it.

r. Ismo

quantrium-anant · ‎08-08-2024

Thank you @isoutamo for your reply.

I will look into the tool.

Azure Sign In logs in Real Time

syslog

Monitoring MariaDB and MySQL

Financial Services Industry Use Cases, ITSI Best Practices, and More New Articles ...

Splunk Federated Analytics for Amazon Security Lake