Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk report to fetch Azure orphaned disk details.

jatin
Explorer
‎02-23-2024 01:32 AM

Hello experts... I need help... I want to fetch Azure orphaned disk details... Can someone share splunk query for the same.

Labels (1)
Labels
0 Karma
Reply

jconger
Splunk Employee
Splunk Employee
‎02-26-2024 08:37 AM

Install the Splunk Add-on for Microsoft Cloud Services and configure the Azure Resource input.  Choose "Disk Data" as the resource type (see screenshot).

Then, you can use this search to find unattached (orphaned) disks:

index=main sourcetype="mscs:resource:disk" properties.diskState="unattached"

 

jconger_0-1708965359640.png

 

Reply

jatin
Explorer
‎02-23-2024 01:40 AM

I am new to Splunk so I don't know from where to start.

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎02-23-2024 01:42 AM

Where is the data you want to analysis? Have you already ingested it into Splunk?

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎02-23-2024 01:36 AM

Please share some sample (anonymised) events

0 Karma
Reply

jatin
Explorer
‎02-23-2024 01:41 AM

I am new to Splunk so I don't know from where to start.

0 Karma
Reply
Get Updates on the Splunk Community!

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...