Knowledge Management

CIM data model for Azure activity logs in Splunk

bsanjee
Explorer

Hello,

I have onboarded activity logs from an azure subcription to splunk using Azure monitor addon for splunk, https://splunkbase.splunk.com/app/3534/#/details , and the logs are parsed into below sourcetypes,

amal:administrative
amal:serviceHealth
amal:resourceHealth
amal:security
amal:ascRecommendation
amal:ascAlert

Is there a CIM model for these sourcetypes? If not, how should CIM compliance be validated?

0 Karma

ssadh_splunk
Splunk Employee
Splunk Employee
0 Karma

HiroshiSatoh
Champion

This APP is not CIM compliant. You need to ask the creator, or associate yourself with CIM.
Good luck!

0 Karma
Get Updates on the Splunk Community!

Optimize Cloud Monitoring

  TECH TALKS Optimize Cloud Monitoring Tuesday, August 13, 2024  |  11:00AM–12:00PM PST   Register to ...

What's New in Splunk Cloud Platform 9.2.2403?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.2.2403! Analysts can ...

Stay Connected: Your Guide to July and August Tech Talks, Office Hours, and Webinars!

Dive into our sizzling summer lineup for July and August Community Office Hours and Tech Talks. Scroll down to ...