Re: Moving files from Azure Blob Storage to Splunk...

osmar_countdown · ‎04-04-2019

Hi,

Are there any plugins or up to date tutorials on how to move files from Azure blob storage to Splunk Cloud? Are there any best practices recommended on how to approach the forwarding from Azure to Splunk Cloud?

I have seen the HTTP Collector and I believe it could possibly be a solution in conjunction with Event Hubs and/or Azure Functions, but I'm not sure if that would be correct and the most recommended.

Any examples would be much appreciated.

Kind regards,
Osmar

jconger · ‎04-05-2019

You can use a heavy forwarder with the Splunk Add-on for Microsoft Cloud Services to read data from the blob and forward on to Splunk Cloud. This heavy forwarder could live in Azure, on your premises, or anywhere that has access to the internet. With Splunk Cloud, you could get an Input Data Manager (IDM) provisioned that could run the add-on as well.

Anything specific you are looking to get from the Azure blob? Is it diagnostic data/logs from other Azure resources? If so, there may be a better/easier way to do it versus using blobs.

Moving files from Azure Blob Storage to Splunk Cloud

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation