Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Which add-on for o365 and Azure log collection?

ojay
Path Finder
‎02-02-2022 01:06 AM

Hi all,

I am planning on integrating o365 and Azure cloud services to my Splunk on-prem environment.

Now there are several Add-Ons to choose from in Splunkase

  • Microsoft Azure Add on for Splunk
  • Splunk Add-on for Microsoft Office 365
  • Splunk Add-on for Microsoft Cloud Services

What is the main difference between these Add-Ons and which should i use? The documentation did not really help.

"The Splunk Add-on for Microsoft Office 365 replaces the modular input for the Office 365 Management API within the Splunk Add-on for Microsoft Cloud Services."

  • Is it still possible to collect the o365 logs with the Cloud Services add-on which collects via so called event hubs?
  •  

Thank you,

O.

Tags (3)
0 Karma
Reply

ojay
Path Finder
‎02-04-2022 12:12 AM

In case i use both add-on's do I need to create two seperate application integrations?

0 Karma
Reply

ojay
Path Finder
‎02-03-2022 11:59 PM

Thank you for the quick feedback, the guide is helpful but i was more looking into a comparison about what add-on to use.

Is the "Splunk Add-on for Microsoft Cloud Services" able to get the O365 data? Is it advised to use it?

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎02-02-2022 02:05 PM

Hi

we have used this instructions 

https://www.ciraltos.com/use-splunk-to-collect-logs-from-office-365-and-azure-ad/ to setup M365 data collection and presentation. This guide is little bit outdated, but you could manage configuration with small modifications.
r. Ismo
0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...