Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Which approch is easier to implement- installing Universal Forwarder(UF) or using the Splunk Add-on for Microsoft Cloud Services

Koko12345678
Explorer
‎07-16-2018 05:32 AM

from what I understood with Splunk Add-on for Microsoft Cloud Services, there are some configuration that I will have to perform, while with UF just an installation is required, which approach is preferred? and why?

thanks

Tags (1)
0 Karma
Reply

Koko12345678
Explorer
‎07-16-2018 07:51 AM

Thanks for the answer, but I still don't understand what is the benefit of using one over the other.
let's assume I used UF before it's more familiar to me, why should I'll want to work with new configuration of the add on?

0 Karma
Reply

kmorris_splunk
Splunk Employee
Splunk Employee
‎07-16-2018 06:03 AM

In my opinion, the Splunk Add-on for Microsoft Cloud Services would be the better route. As with any Splunk Add-on, you will have the added value of things like field extractions. The Add-on also communicates via API, so I'm not even sure you could easily get at the same data. Also, you would still have to configure a Universal Forwarder to point it at the data sources you want to ingest, with the added task of extracting fields.

Here is a link to a blog post which helps with the configuration of the Add-on. I have had a few customers successfully utilize this post when configuring the Add-on.

https://www.splunk.com/blog/2017/07/27/splunking-microsoft-cloud-data-part-1.html

0 Karma
Reply

Koko12345678
Explorer
‎07-16-2018 07:51 AM

Thanks for the answer, but I still don't understand what is the benefit of using one over the other.
let's assume I used UF before it's more familiar to me, why should I'll want to work with new configuration of the add on?

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...