Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Can I collect application logs from Azure to Splunk?

Koko12345678
Explorer
‎08-27-2018 01:46 AM

I already know that I can collect application logs into Azure application insight, and use a storage account streaming this data to event hub, but can splunk pull this data? if yes, how can I configure input in Splunk to do that.
If someone has a documentation about that it will be very helpful.

Tags (2)
0 Karma
Reply

larmesto
Path Finder
‎01-07-2019 09:42 AM

This might be helpful for anyone visiting; I have started working on an addon for Azure Event Hubs for Splunk, feel free to use it!
https://splunkbase.splunk.com/app/4343/

regards,

0 Karma
Reply

Paul1896
Path Finder
‎03-09-2020 05:34 AM

Hello larmesto,

is it possible to grab application logs which are stored in an azure event hub as well or only acitivity logs?

0 Karma
Reply

mayurr98
Super Champion
‎08-27-2018 01:51 AM

Hello

Yes, there are several apps and add-ons that are available to pull data from event hub.
have a look at this app:
https://splunkbase.splunk.com/app/3534/

Also,have a look at this detail documentation:
https://www.splunk.com/blog/2018/04/20/splunking-microsoft-azure-monitor-data-part-1-azure-setup.htm...

let me know if this helps!

0 Karma
Reply

saikiran334
Explorer
‎04-20-2020 09:10 AM

@Koko12345678, out of curiosity ,
Any how you have application logs in Azure for long term storage , and may i know why again you want to index this data from AZure to Splunk ?( any specific requirement )

0 Karma
Reply

Koko12345678
Explorer
‎08-27-2018 06:21 AM

I couldn't see anything that related to Azure application logs.
just activity log, diagnostic logs and metrics

0 Karma
Reply

mayurr98
Super Champion
‎08-27-2018 07:05 AM

well i meant that you can monitor event hub data. so it could be anything this app monitors event hub.If you send application logs to event hub add-on will get data from event hub. you can give it a try.

Another approach is using HTTP event collector.
https://github.com/Microsoft/AzureFunctionforSplunkVS
have a look at this link.
https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitor-stream-monitoring-data-eve...

0 Karma
Reply

Koko12345678
Explorer
‎08-30-2018 03:09 AM

to pull data from Event Hub you need also to configure input on the add-on side, this is why I'm asking if I can configure the add-on to also pull for application logs

0 Karma
Reply

mayurr98
Super Champion
‎08-30-2018 04:58 AM

I have never tried it. But I think Yes you can configure.you can give it a try

0 Karma
Reply

Koko12345678
Explorer
‎08-30-2018 05:02 AM

ok thanks

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...