Splunk Cloud Platform
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Microsoft Azure App for Splunk

monguyen
New Member
‎05-26-2021 11:17 AM

Hi, 

This photo includes the SPL search for the Microsoft Azure App for Splunk in the Billing Overview:

monguyen_0-1622052635019.png

This search no longer results in any events because the properties.pretaxCost and properties.usageQuantity fields no longer exist if I search:

index=item_prod_event_azure_90d OR index=cyber_prod_event_mscloud_1y sourcetype="azure:billing".

monguyen_1-1622053022658.png

 

Additionally, the fields seen in the following line also do not show up as fields any longer as well:

| dedup properties.usageStart properties.instanceId properties.meterDetails.meterSubCategory Cost properties.meterDetails.meterName Quantity

What can be done to view the billing information again?

Thanks so much! 

Labels (1)
Labels
0 Karma
Reply

monguyen
New Member
‎05-27-2021 02:20 PM

Good point. It does seem it could have been renamed.

Would it be possible to know what the fields have been renamed as to make sure I am pulling the correct information? Or who I can contact to check this? The ones that I am still unsure about are the properties.usageStart and properties.instanceId. I think it could be properties.date and properties.meterId, respectively, but it would be good for someone who changed the fields to confirm this. Thank you! 

0 Karma
Reply

dmacintosh_splu
Splunk Employee
Splunk Employee
‎05-26-2021 04:24 PM

The screenshot of the fields you shared contains the properties.cost and properties.quantity fields. Do the field values represent the data you want?

It is possible that Azure changed the name of the fields in the raw data.

0 Karma
Reply
Get Updates on the Splunk Community!

Simplifying the Analyst Experience with Finding-based Detections

    Splunk invites you to an engaging Tech Talk focused on streamlining security operations with ...

[Puzzles] Solve, Learn, Repeat: Word Search

This challenge was first posted on Slack #puzzles channelThis puzzle is based on a letter grid containing ...

[Puzzles] Solve, Learn, Repeat: Advent of Code - Day 4

Advent of CodeIn order to participate in these challenges, you will need to register with the Advent of Code ...