Getting Data In

Why are we not getting all the details in Azure sign-in logs using Microsoft Azure Add-on for Splunk after upgrade?


Post upgrading Microsoft Azure Add on for Splunk to 3.2.0 we are not receiving authentication details in Splunk. Also, non-interactive login details are not available. 

Field to check if the authentication is success or failed is not in the raw logs, field name - authenticationDetailssucceeded. Other authentication details are also missing.

Labels (1)
0 Karma


This was resolved by changing endpoint as beta instead of v1.0 in Inputs.

0 Karma

Super Champion

I'm not an Azure expert, but I always use Office 365 Add-on to get login details from Azure.

0 Karma


Hi @meghasinghal 

please use this addon to onboard the splunk azure data

this is the official azure add on.

Best Regards


“The answer is out there, Neo, and it’s looking for you, and it will find you if you want it to.”
Tags (1)
Get Updates on the Splunk Community!

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Reimagine what you can do with your dashboards. Dashboard Studio is Splunk’s newest dashboard builder to ...

Introducing Edge Processor: Next Gen Data Transformation

We get it - not only can it take a lot of time, money and resources to get data into Splunk, but it also takes ...

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Help us learn about how Splunk has impacted your career by taking the 2021 Splunk Career Survey. Last year’s ...