Splunk Dev
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

is "Splunk Add on for Microsoft Azure" is official app

Satyams14
Loves-to-Learn Lots
‎06-23-2025 01:59 AM

Hello,

Can someone confirm if this is official app by microsoft or a third party created app? I want to integrate azure waf logs into my splunk indexer.

 

Thanks and Regards,

satyam

0 Karma
Reply

LAME-Creations
Path Finder
‎06-23-2025 08:22 AM

Both answers above are correct in their response.  If you already knew this, I apologize beforehand, but one of the best ways to find out if the app is a 3rd party app, an app built by Splunk, or built by vendor of the product you are trying to ingest, go to Splunk base, look at the app and there is a field "created by"  If the answer is Splunk or Splunk works - this means that Splunk built the app.  If it said microsoft or something similar you could assume Microsoft, if it says LAME Creations (just a hypothetical example) that means someone called LAME Creations built the app. 

Most of the apps built by Splunk were designed with a use case where they worked with the actual vendor or something similar that should provide you with some level of confidence this is the app.  Unfortunately the bigger issue is if the app is "STILL" the current app that is recommended by Splunk.  What I mean by that is over time, apps get recreated or rebranded into other apps and that can still be a problem with Splunk built apps so I also like to look at the version history and see if the app is relatively current.  If it is current, it means Splunk is still working on it, and that should also help provide some level of confidence this is the app.  The last method is a mixture between using Google Foo to search for what the community is using or asking on this forum - so you are already doing this. 

Hope this helps.  The answer was generic, but it was just me sharing how I look at an app on Splunkbase to see if I should use it in my environment.   

0 Karma
Reply

tej57
Builder
‎06-23-2025 02:11 AM

Hello @Satyams14,

If you plan to stream WAF logs to Eventhubs and wish to use Splunk Supported Add-on, you can also consider using Splunk Add-on for Microsoft Cloudservices (#3110 - https://splunkbase.splunk.com/app/3110). It is a supported add-on and can fetch logs directly from the eventhub.

Thanks,
Tejas.

 

---
If the above solution helps, an upvote is appreciated..!! 

Reply

livehybrid
SplunkTrust
SplunkTrust
‎06-23-2025 02:05 AM

Hi @Satyams14 

This app is created by Splunk (but not a Splunk supported app) - not created by Microsoft, having said that I believe that it IS the "go-to" app for Azure feeds/onboarding.

For a good overview on getting-data-in (GDI) for Azure check out https://docs.splunk.com/Documentation/SVA/current/Architectures/AzureGDI (which lists this app).

🌟 Did this answer help you? If so, please consider:

  • Adding karma to show it was useful
  • Marking it as the solution if it resolved your issue
  • Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

Reply

gcusello
SplunkTrust
SplunkTrust
‎06-23-2025 02:05 AM

Hi @Satyams14 ,

as you can read at https://splunkbase.splunk.com/app/3757, this isn't an official app by Splunk or Microsoft:

  • It was created by "Splunk Works",
  • It isn't supported,
  • even if it has 64,900 downloads,
  • and you can find it on GitHub.

Ciao.

Giuseppe

Reply

LAME-Creations
Path Finder
‎06-23-2025 08:26 AM

"Built by Splunk Works": Splunk Works is an internal initiative or team within Splunk focused on creating innovative, often experimental or community-driven apps and add-ons. Apps labeled "Built by Splunk Works" are developed by Splunk employees but may not carry the same level of formal support or certification as mainstream Splunk apps (e.g., Splunk Enterprise Security or Splunk IT Service Intelligence). These apps are often exploratory, proof-of-concept, or niche solutions.

So my above statement is not completely true. 

Apps marked "Built by Splunk Works" are indeed created by Splunk employees, making them "official" in the sense that they originate from Splunk Inc. However, they may not always be Splunk Supported or Splunk Certified, which is what some users mean when they refer to "official" apps.

Glad you mentioned this because that does make it slightly different than being built by Splunk, certified by Splunk.  
0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

What Is Splunk? Here’s What You Can Do with Splunk

Hey Splunk Community, we know you know Splunk. You likely leverage its unparalleled ability to ingest, index, ...

Level Up Your .conf25: Splunk Arcade Comes to Boston

With .conf25 right around the corner in Boston, there’s a lot to look forward to — inspiring keynotes, ...

Manual Instrumentation with Splunk Observability Cloud: How to Instrument Frontend ...

Although it might seem daunting, as we’ve seen in this series, manual instrumentation can be straightforward ...