How to Ingest Azure Monitor Logs into Splunk in Near Real-Time Using Client-Provided CSVs?

rahulkumar
Path Finder

I’m working on ingesting logs from Azure Monitor into Splunk and currently the client provides the logs manually in CSV format, which we then upload into Splunk. However, this method is not real-time and requires manual effort. I’m looking for a way to automate this process and achieve near real-time ingestion of Azure Monitor logs into Splunk. Ideally, I want a setup where the logs can stream from Azure Monitor directly into Splunk or through an automated pipeline without manual CSV handling. We prefer structured data and are open to solutions like Azure Event Hub, or APIs if they can feed logs into Splunk automatically. What’s the best approach to achieve this real-time integration from Azure Monitor to Splunk?

livehybrid
SplunkTrust

Hi @rahulkumar 

I believe what you're looking for is the Splunk Add-on for Microsoft Cloud Services app which is capable of pulling Azure Monitor data (see https://jasonconger.com/splunk-azure-gdi/ and https://splunk.github.io/splunk-add-on-for-microsoft-cloud-services/Sourcetypes/)

rahulkumar
Path Finder

@livehybrid Hi, thanks for the response. From Splunk I know I can use the add-on way, but the client does not know whether Azure Monitor logs can be sent to Event Hubs or not. They are providing logs in CSV files, so how do we take it from here? Should we ask them to send to Event Hubs to use add-ons? I was looking for a way around, if anyone or you know, to help them and me.
