There are several add-ons that can read data from Microsoft Azure and Office 365, I'll summarize those here:
The Splunk Add-on for Microsoft Cloud Services will collect data from Azure Storage Accounts (table and blob), enumerate Azure resources (like VMs, Virtual Networks, NICs, etc.), collect Azure Audit data (who did what and when), and Office 365 activity data.
The Azure Monitor Add-on for Splunk will read Azure Monitor data like Metrics, Diagnostics Logs, and Activity Logs via Event Hubs.
The Azure Active Directory Reporting Add-on will read Azure Active Directory Sign-in data and AD Audit data.
The Microsoft Office 365 Reporting Add-on will get message trace data (email from/to, subject, size, etc.).
All of these add-ons are free and the data collected can be sent to Splunk running on-premises, Splunk Cloud, or Splunk running in a cloud somewhere else (like Azure, AWS, or GCP).
When Splunk collects data from an Azure Storage Blob, the add-on just reads the data. Specifically, the bytes are streamed as text from the blob to Splunk.
Which alerts are you referring to? There are multiple ways to send alert data to Splunk or have Splunk generate alerts and take action.