Re: Splunk report to fetch Azure orphaned disk det... - Splunk Community

Getting Data In

Hello experts... I need help... I want to fetch Azure orphaned disk details... Can someone share splunk query for the same.

Install the Splunk Add-on for Microsoft Cloud Services and configure the Azure Resource input. Choose "Disk Data" as the resource type (see screenshot).

Then, you can use this search to find unattached (orphaned) disks:

index=main sourcetype="mscs:resource:disk" properties.diskState="unattached"

I am new to Splunk so I don't know from where to start.

Where is the data you want to analysis? Have you already ingested it into Splunk?

Please share some sample (anonymised) events

I am new to Splunk so I don't know from where to start.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Reprocessing XML into Fixed-Length Events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...

Index This | What is broken 80% of the time by February?

December 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious! We’re back with this ...