Getting Data In

Why are we not getting all the details in Azure sign-in logs using Microsoft Azure Add-on for Splunk after upgrade?

meghasinghal
Engager

Post upgrading Microsoft Azure Add on for Splunk to 3.2.0 we are not receiving authentication details in Splunk. Also, non-interactive login details are not available. 

Field to check if the authentication is success or failed is not in the raw logs, field name - authenticationDetailssucceeded. Other authentication details are also missing.

Labels (1)
0 Karma

meghasinghal
Engager

This was resolved by changing endpoint as beta instead of v1.0 in Inputs.

0 Karma

VatsalJagani
SplunkTrust
SplunkTrust

I'm not an Azure expert, but I always use Office 365 Add-on to get login details from Azure.

https://splunkbase.splunk.com/app/4055/

0 Karma

aasabatini
Motivator

Hi @meghasinghal 

please use this addon to onboard the splunk azure data 

https://splunkbase.splunk.com/app/3110/

this is the official azure add on.

Best Regards

Alessandro

“The answer is out there, Neo, and it’s looking for you, and it will find you if you want it to.”
Tags (1)
Get Updates on the Splunk Community!

Monitoring Postgres with OpenTelemetry

Behind every business-critical application, you’ll find databases. These behind-the-scenes stores power ...

Mastering Synthetic Browser Testing: Pro Tips to Keep Your Web App Running Smoothly

To start, if you're new to synthetic monitoring, I recommend exploring this synthetic monitoring overview. In ...

Splunk Edge Processor | Popular Use Cases to Get Started with Edge Processor

Splunk Edge Processor offers more efficient, flexible data transformation – helping you reduce noise, control ...