Getting Data In

How to Ingest Azure Monitor Logs into Splunk in Near Real-Time Using Client-Provided CSVs?

rahulkumar
Path Finder

I’m working on ingesting logs from Azure Monitor into Splunk and currently the client provides the logs manually in CSV format, which we then upload into Splunk. However, this method is not real-time and requires manual effort. I’m looking for a way to automate this process and achieve near real-time ingestion of Azure Monitor logs into Splunk. Ideally, I want a setup where the logs can stream from Azure Monitor directly into Splunk or through an automated pipeline without manual CSV handling. We prefer structured data and are open to solutions like Azure Event Hub or APIs if they can feed logs into Splunk automatically. What’s the best approach to achieve this real-time integration from Azure Monitor to Splunk?


livehybrid
SplunkTrust

Hi @rahulkumar 

I believe what you're looking for is the Splunk Add-on for Microsoft Cloud Services app which is capable of pulling Azure Monitor data (see https://jasonconger.com/splunk-azure-gdi/ and https://splunk.github.io/splunk-add-on-for-microsoft-cloud-services/Sourcetypes/)

🌟 Did this answer help you? If so, please consider:

  • Adding karma to show it was useful
  • Marking it as the solution if it resolved your issue
  • Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing
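As an added illustration of what sits behind the Event Hub route the add-on relies on (this is example code written for this thread, not the add-on's own code): Azure Monitor diagnostic settings write each Event Hub message as a JSON envelope whose `records` array holds the resource-log records, and a collector unpacks those into Splunk HEC event envelopes. The sample message, the index name and the `azure:monitor:resource` sourcetype are constructed assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed sample: one Event Hub message in the shape Azure Monitor
# diagnostic settings emit, with a Key Vault audit record per entry.
SAMPLE_EVENTHUB_MESSAGE = json.dumps({
    "records": [
        {
            "time": "2024-05-01T12:00:00.1234567Z",
            "resourceId": "/SUBSCRIPTIONS/00000000-0000-0000-0000-000000000000"
                          "/RESOURCEGROUPS/RG1/PROVIDERS/MICROSOFT.KEYVAULT/VAULTS/KV1",
            "category": "AuditEvent",
            "operationName": "SecretGet",
            "resultType": "Success",
            "callerIpAddress": "203.0.113.10",
            "properties": {"id": "https://kv1.vault.azure.net/secrets/db-password"},
        },
        {
            "time": "2024-05-01T12:00:05Z",
            "resourceId": "/SUBSCRIPTIONS/00000000-0000-0000-0000-000000000000"
                          "/RESOURCEGROUPS/RG1/PROVIDERS/MICROSOFT.KEYVAULT/VAULTS/KV1",
            "category": "AuditEvent",
            "operationName": "VaultGet",
            "resultType": "Forbidden",
        },
    ]
})

def parse_azure_time(ts: str) -> float:
    """Azure Monitor timestamps are ISO-8601 UTC with up to 7 fractional digits;
    trim to the 6 that strptime's %f accepts and return epoch seconds for HEC."""
    body, _, frac = ts.rstrip("Z").partition(".")
    frac = (frac + "000000")[:6]
    dt = datetime.strptime(f"{body}.{frac}", "%Y-%m-%dT%H:%M:%S.%f")
    return dt.replace(tzinfo=timezone.utc).timestamp()

def to_hec_events(message: str, index: str, sourcetype: str = "azure:monitor:resource") -> list:
    """Unpack one Event Hub message into HEC event envelopes (one per record).
    Using resourceId as host and category as source is a design choice here."""
    envelope = json.loads(message)
    events = []
    for record in envelope.get("records", []):
        events.append({
            "time": parse_azure_time(record["time"]),
            "host": record.get("resourceId", "unknown"),
            "source": record.get("category", "azure_monitor"),
            "sourcetype": sourcetype,
            "index": index,
            "event": record,  # keep the full record so fields stay searchable
        })
    return events

def hec_batch_body(events: list) -> str:
    """HEC's /services/collector/event accepts concatenated JSON objects in one POST."""
    return "\n".join(json.dumps(e, separators=(",", ":")) for e in events)
```

A real consumer would read messages from the Event Hub with the Azure SDK and POST `hec_batch_body(...)` to the HEC endpoint with a `Splunk <token>` Authorization header; only the format mapping is shown here.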

rahulkumar
Path Finder

@livehybrid Hi, thanks for the response. From the Splunk side I know I can use the add-on, but the client does not know whether Azure Monitor logs can be sent to Event Hubs or not; they are providing the logs in CSV files. So how do we take it from here? Should we ask them to send the logs to Event Hubs so we can use the add-on, or is there a workaround, if you or anyone else knows how to help them and me?
