Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Can I collect application logs from Azure to Splunk?

Koko12345678
Explorer
‎08-27-2018 01:46 AM

I already know that I can collect application logs into Azure application insight, and use a storage account streaming this data to event hub, but can splunk pull this data? if yes, how can I configure input in Splunk to do that.
If someone has a documentation about that it will be very helpful.

Tags (2)
0 Karma
Reply

larmesto
Path Finder
‎01-07-2019 09:42 AM

This might be helpful for anyone visiting; I have started working on an addon for Azure Event Hubs for Splunk, feel free to use it!
https://splunkbase.splunk.com/app/4343/

regards,

0 Karma
Reply

Paul1896
Path Finder
‎03-09-2020 05:34 AM

Hello larmesto,

is it possible to grab application logs which are stored in an azure event hub as well or only acitivity logs?

0 Karma
Reply

mayurr98
Super Champion
‎08-27-2018 01:51 AM

Hello

Yes, there are several apps and add-ons that are available to pull data from event hub.
have a look at this app:
https://splunkbase.splunk.com/app/3534/

Also,have a look at this detail documentation:
https://www.splunk.com/blog/2018/04/20/splunking-microsoft-azure-monitor-data-part-1-azure-setup.htm...

let me know if this helps!

0 Karma
Reply

saikiran334
Explorer
‎04-20-2020 09:10 AM

@Koko12345678, out of curiosity ,
Any how you have application logs in Azure for long term storage , and may i know why again you want to index this data from AZure to Splunk ?( any specific requirement )

0 Karma
Reply

Koko12345678
Explorer
‎08-27-2018 06:21 AM

I couldn't see anything that related to Azure application logs.
just activity log, diagnostic logs and metrics

0 Karma
Reply

mayurr98
Super Champion
‎08-27-2018 07:05 AM

well i meant that you can monitor event hub data. so it could be anything this app monitors event hub.If you send application logs to event hub add-on will get data from event hub. you can give it a try.

Another approach is using HTTP event collector.
https://github.com/Microsoft/AzureFunctionforSplunkVS
have a look at this link.
https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitor-stream-monitoring-data-eve...

0 Karma
Reply

Koko12345678
Explorer
‎08-30-2018 03:09 AM

to pull data from Event Hub you need also to configure input on the add-on side, this is why I'm asking if I can configure the add-on to also pull for application logs

0 Karma
Reply

mayurr98
Super Champion
‎08-30-2018 04:58 AM

I have never tried it. But I think Yes you can configure.you can give it a try

0 Karma
Reply

Koko12345678
Explorer
‎08-30-2018 05:02 AM

ok thanks

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...