Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Why are we not getting all the details in Azure sign-in logs using Microsoft Azure Add-on for Splunk after upgrade?

meghasinghal
Engager
‎03-14-2022 01:26 AM

Post upgrading Microsoft Azure Add on for Splunk to 3.2.0 we are not receiving authentication details in Splunk. Also, non-interactive login details are not available. 

Field to check if the authentication is success or failed is not in the raw logs, field name - authenticationDetailssucceeded. Other authentication details are also missing.

Labels (1)
Labels
0 Karma
Reply

meghasinghal
Engager
‎12-02-2022 03:24 AM

This was resolved by changing endpoint as beta instead of v1.0 in Inputs.

0 Karma
Reply

VatsalJagani
Super Champion
‎03-15-2022 06:39 AM

I'm not an Azure expert, but I always use Office 365 Add-on to get login details from Azure.

https://splunkbase.splunk.com/app/4055/

0 Karma
Reply

aasabatini
Motivator
‎03-14-2022 02:46 AM

Hi @meghasinghal 

please use this addon to onboard the splunk azure data 

https://splunkbase.splunk.com/app/3110/

this is the official azure add on.

Best Regards

Alessandro

“The answer is out there, Neo, and it’s looking for you, and it will find you if you want it to.”
Tags (1)
Reply
Get Updates on the Splunk Community!

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Reimagine what you can do with your dashboards. Dashboard Studio is Splunk’s newest dashboard builder to ...

Introducing Edge Processor: Next Gen Data Transformation

We get it - not only can it take a lot of time, money and resources to get data into Splunk, but it also takes ...

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Help us learn about how Splunk has impacted your career by taking the 2021 Splunk Career Survey. Last year’s ...