Forwarding Azure App Service Logs to Splunk

mochocki
Explorer

I have an Azure App Service with CUSTOM text log files (stored locally in the App Service filesystem). How can I index them in Splunk?
I was thinking about the following, but none of them worked:

  • using azure file storage (samba ports are blocked)
  • read logs in splunk via ftp (as far as I know impossible)
  • trying to install splunk forwarder (as far as I know possible only in azure VM, not app service)

jkat54
SplunkTrust

You need to send your logs to App Fabric, Table, Blob, or Event Hub, then pull the data using the Microsoft Cloud Services app from Splunk. Note it doesn't support Event Hubs, but you can send the Event Hub to Blob storage and read from there.

Sukisen1981
Champion

The FTP idea is not bad, actually; try this app out if possible - https://splunkbase.splunk.com/app/3318/#/details or this - https://splunkbase.splunk.com/app/3534/ ?
Is it possible to call them over some sort of API service? Then you can REST-ingest them into Splunk.

mochocki
Explorer

Thanks, I'll try.
What do you mean by "call them over some sort of API service"?


Sukisen1981
Champion

I mean, can you read the logs through a bash/Python/shell script? Then you could create a scripted input and index the output of the script into Splunk.


mochocki
Explorer

In fact, none of these add-ons are good enough. FTP Receiver sets up a local FTP server instead of reading logs from a remote one. The other add-on can only read diagnostic logs.
Can you provide more info about the scripts? Do they run on the Splunk server? Can they work in real time? I have daily rolling text files, but I would like to have them indexed in real time, not only after they are rolled.
Do you have any examples of such script?

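The scripted-input approach suggested above, written out as an added example (this is not code from the thread or from Splunk): a Python 3 script that Splunk runs on an interval and whose stdout it indexes. It keeps a checkpoint of how far it has read, emits only complete new lines on each run (so a partially written line is not split across two events), drains the previous day's file once when the log rolls over, and restarts from zero if a file is truncated. It assumes the current log file has already been copied to a local directory (`LOG_DIR`) and that files are named `app-YYYY-MM-DD.log`; both, the checkpoint path, and the fetch step itself are assumptions that are not on the page.

```python
#!/usr/bin/env python3
"""Scripted-input skeleton for daily-rolling text logs (constructed example).

Splunk runs the script on an interval and indexes whatever it prints to stdout.
A checkpoint records how far the previous run got, so each run emits only the
new, complete lines. The script assumes the current day's file has already been
copied to LOG_DIR (a hypothetical location); how it is fetched from the App
Service is a separate step and is not shown here.
"""
import json
import os
import sys
from datetime import date

# Hypothetical locations; adjust to the real deployment.
LOG_DIR = os.environ.get("APPSVC_LOG_DIR", "/var/tmp/appservice-logs")
CHECKPOINT = os.environ.get("APPSVC_CHECKPOINT", "/var/tmp/appservice-logs/.checkpoint.json")


def log_path_for(day):
    """Daily file name, e.g. app-2019-05-20.log (the naming scheme is an assumption)."""
    return os.path.join(LOG_DIR, "app-%s.log" % day.isoformat())


def load_checkpoint(path):
    """Return the saved {'file': ..., 'offset': ...}; start fresh if absent or corrupt."""
    try:
        with open(path) as fh:
            state = json.load(fh)
        return {"file": state.get("file"), "offset": int(state.get("offset", 0))}
    except (OSError, ValueError, TypeError, AttributeError):
        return {"file": None, "offset": 0}


def save_checkpoint(path, state):
    """Write to a temp file and rename, so a crash mid-write cannot corrupt the checkpoint."""
    tmp = path + ".tmp"
    with open(tmp, "w") as fh:
        json.dump(state, fh)
    os.replace(tmp, path)


def read_complete_lines(path, offset):
    """Read from byte `offset` and return (lines, new_offset).

    Only lines terminated by a newline are returned; a line the app is still
    writing is left for the next run instead of being indexed in two halves.
    If the file is shorter than `offset` it was truncated or recreated, so
    reading restarts at 0. A missing file yields nothing and keeps the offset.
    """
    try:
        size = os.path.getsize(path)
    except OSError:
        return [], offset
    if size < offset:
        offset = 0
    with open(path, "rb") as fh:
        fh.seek(offset)
        chunk = fh.read()
    end = chunk.rfind(b"\n")
    if end == -1:
        return [], offset
    complete = chunk[: end + 1]
    lines = complete.decode("utf-8", errors="replace").splitlines()
    return lines, offset + len(complete)


def collect(current_path, state):
    """Return (lines, new_state) for one run, handling the daily roll-over."""
    lines = []
    previous = state.get("file")
    offset = state.get("offset", 0)
    if previous and previous != current_path:
        # The log rolled since the last run: drain whatever was appended to the
        # old file after our last offset, then start the new file from byte 0.
        tail, _ = read_complete_lines(previous, offset)
        lines.extend(tail)
        offset = 0
    new, offset = read_complete_lines(current_path, offset)
    lines.extend(new)
    return lines, {"file": current_path, "offset": offset}


def main():
    state = load_checkpoint(CHECKPOINT)
    lines, state = collect(log_path_for(date.today()), state)
    for line in lines:
        sys.stdout.write(line + "\n")
    sys.stdout.flush()
    # Save only after the lines were written, so a failed run is retried, not skipped.
    save_checkpoint(CHECKPOINT, state)


if __name__ == "__main__":
    main()
```

Registered as a `[script://...]` stanza in inputs.conf with a short `interval`, this gives near-real-time indexing of a rolling file rather than waiting for the roll. The script runs as the Splunk user, so the local copy of the logs and the checkpoint file should be readable only by that account, and any credentials the fetch step needs belong in Splunk's credential storage rather than in the script.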

Sukisen1981
Champion

Hi,
Firstly, you have to bear with me: I have zero experience on Azure and am a newbie on AWS, so I am probably not able to understand simple things in Azure.
Please see this - https://docs.splunk.com/Documentation/Splunk/7.2.6/Data/MonitorWMIdata#Security_and_remote_access_co...

Can you open cmd on your local machine and curl into the remote machine to read the log files? If you can, then we can always set up a script. The key thing here is NOT the indexing, but how you connect from your local machine to your remote instance AND download the log info from the remote machine.
I suggest you google a bit on Python or shell or curl commands/scripts on how to connect and get logs from a remote Azure instance. After that it's a cakewalk and I can guide you, but firstly, can you (you have to, if your Splunk is on a different instance than the remote Azure instance) gather the logs from the remote instance to your local machine?
