Splunk Cloud Platform
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Microsoft Azure App for Splunk

monguyen
New Member
‎05-26-2021 11:17 AM

Hi, 

This photo includes the SPL search for the Microsoft Azure App for Splunk in the Billing Overview:

monguyen_0-1622052635019.png

This search no longer results in any events because the properties.pretaxCost and properties.usageQuantity fields no longer exist if I search:

index=item_prod_event_azure_90d OR index=cyber_prod_event_mscloud_1y sourcetype="azure:billing".

monguyen_1-1622053022658.png

 

Additionally, the fields seen in the following line also do not show up as fields any longer as well:

| dedup properties.usageStart properties.instanceId properties.meterDetails.meterSubCategory Cost properties.meterDetails.meterName Quantity

What can be done to view the billing information again?

Thanks so much! 

Labels (1)
Labels
0 Karma
Reply

monguyen
New Member
‎05-27-2021 02:20 PM

Good point. It does seem it could have been renamed.

Would it be possible to know what the fields have been renamed as to make sure I am pulling the correct information? Or who I can contact to check this? The ones that I am still unsure about are the properties.usageStart and properties.instanceId. I think it could be properties.date and properties.meterId, respectively, but it would be good for someone who changed the fields to confirm this. Thank you! 

0 Karma
Reply

dmacintosh_splu
Splunk Employee
Splunk Employee
‎05-26-2021 04:24 PM

The screenshot of the fields you shared contains the properties.cost and properties.quantity fields. Do the field values represent the data you want?

It is possible that Azure changed the name of the fields in the raw data.

0 Karma
Reply
Get Updates on the Splunk Community!

Application management with Targeted Application Install for Victoria Experience

  Experience a new era of flexibility in managing your Splunk Cloud Platform apps! With Targeted Application ...

Index This | What goes up and never comes down?

January 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Splunkers, Pack Your Bags: Why Cisco Live EMEA is Your Next Big Destination

The Power of Two: Splunk + Cisco at "Ludicrous Scale"   You know Splunk. You know Cisco. But have you seen ...