Re: Splunk report to fetch Azure orphaned disk det... - Splunk Community

Getting Data In

Hello experts... I need help... I want to fetch Azure orphaned disk details... Can someone share splunk query for the same.

Install the Splunk Add-on for Microsoft Cloud Services and configure the Azure Resource input. Choose "Disk Data" as the resource type (see screenshot).

Then, you can use this search to find unattached (orphaned) disks:

index=main sourcetype="mscs:resource:disk" properties.diskState="unattached"

I am new to Splunk so I don't know from where to start.

Where is the data you want to analysis? Have you already ingested it into Splunk?

Please share some sample (anonymised) events

I am new to Splunk so I don't know from where to start.

Get Updates on the Splunk Community!

Splunk MCP & Agentic AI: Machine Data Without Limits

Discover how the Splunk Model Context Protocol (MCP) Server can revolutionize the way your organization ...

Finding Based Detections General Availability

Overview We’ve come a long way, folks, but here in Enterprise Security 8.4 I’m happy to announce Finding ...

Get Your Hands Dirty (and Your Shoes Comfy): The Splunk Experience

Hands-On Learning and Technical Seminars Sometimes, you just need to see the code. For those looking for a ...