Getting Data In

Why are we not getting all the details in Azure sign-in logs using Microsoft Azure Add-on for Splunk after upgrade?


Post upgrading Microsoft Azure Add on for Splunk to 3.2.0 we are not receiving authentication details in Splunk. Also, non-interactive login details are not available. 

Field to check if the authentication is success or failed is not in the raw logs, field name - authenticationDetailssucceeded. Other authentication details are also missing.

Labels (1)
0 Karma


This was resolved by changing endpoint as beta instead of v1.0 in Inputs.

0 Karma

Super Champion

I'm not an Azure expert, but I always use Office 365 Add-on to get login details from Azure.

0 Karma


Hi @meghasinghal 

please use this addon to onboard the splunk azure data

this is the official azure add on.

Best Regards


“The answer is out there, Neo, and it’s looking for you, and it will find you if you want it to.”
Tags (1)
Get Updates on the Splunk Community!

Build Scalable Security While Moving to Cloud - Guide From Clayton Homes

 Clayton Homes faced the increased challenge of strengthening their security posture as they went through ...

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

We’re happy to announce the release of Mission Control 2.3 which includes several new and exciting features ...

Cloud Platform | Migrating your Splunk Cloud deployment to Python 3.7

Python 2.7, the last release of Python 2, reached End of Life back on January 1, 2020. As part of our larger ...