I already know that I can collect application logs into Azure application insight, and use a storage account streaming this data to event hub, but can splunk pull this data? if yes, how can I configure input in Splunk to do that.
If someone has a documentation about that it will be very helpful.
This might be helpful for anyone visiting; I have started working on an addon for Azure Event Hubs for Splunk, feel free to use it!
https://splunkbase.splunk.com/app/4343/
regards,
Hello larmesto,
is it possible to grab application logs which are stored in an azure event hub as well or only acitivity logs?
Hello
Yes, there are several apps and add-ons that are available to pull data from event hub.
have a look at this app:
https://splunkbase.splunk.com/app/3534/
Also,have a look at this detail documentation:
https://www.splunk.com/blog/2018/04/20/splunking-microsoft-azure-monitor-data-part-1-azure-setup.htm...
let me know if this helps!
@Koko12345678, out of curiosity ,
Any how you have application logs in Azure for long term storage , and may i know why again you want to index this data from AZure to Splunk ?( any specific requirement )
I couldn't see anything that related to Azure application logs.
just activity log, diagnostic logs and metrics
well i meant that you can monitor event hub data. so it could be anything this app monitors event hub.If you send application logs to event hub add-on will get data from event hub. you can give it a try.
Another approach is using HTTP event collector.
https://github.com/Microsoft/AzureFunctionforSplunkVS
have a look at this link.
https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitor-stream-monitoring-data-eve...
to pull data from Event Hub you need also to configure input on the add-on side, this is why I'm asking if I can configure the add-on to also pull for application logs
I have never tried it. But I think Yes you can configure.you can give it a try
ok thanks