Getting Data In

Why are we not getting all the details in Azure sign-in logs using Microsoft Azure Add-on for Splunk after upgrade?

meghasinghal
Engager

Post upgrading Microsoft Azure Add on for Splunk to 3.2.0 we are not receiving authentication details in Splunk. Also, non-interactive login details are not available. 

Field to check if the authentication is success or failed is not in the raw logs, field name - authenticationDetailssucceeded. Other authentication details are also missing.

Labels (1)
0 Karma

meghasinghal
Engager

This was resolved by changing endpoint as beta instead of v1.0 in Inputs.

0 Karma

VatsalJagani
SplunkTrust
SplunkTrust

I'm not an Azure expert, but I always use Office 365 Add-on to get login details from Azure.

https://splunkbase.splunk.com/app/4055/

0 Karma

aasabatini
Motivator

Hi @meghasinghal 

please use this addon to onboard the splunk azure data 

https://splunkbase.splunk.com/app/3110/

this is the official azure add on.

Best Regards

Alessandro

“The answer is out there, Neo, and it’s looking for you, and it will find you if you want it to.”
Tags (1)
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In September, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...

Improve Data Pipelines Using Splunk Data Management

  Register Now   This Tech Talk will explore the pipeline management offerings Edge Processor and Ingest ...