There is not an add-on that can natively ingest Avro files. Splunk is not able to read it because .avro files are in a binary format that Splunk can't read.
Alternatively, you can change the format to a text format prior to ingestion in order for Splunk to read it. For more information on this approach, please check the answers post link below:
The example given is as follows:
Avro to “json” conversion:
Install Avro Tools:
tar xvf avro-1.7.6.tar.gz
sudo python setup.py install
Install Avro Tools using PIP:
pip install avro
Conversion from Avro to JSON:
avro cat /avro_file_path/*.avro --format json > "output_file_path/output.json"
Data input >> Files & Directories >> Monitor "output_file_path/output.json"
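To show what the binary container holds and what the conversion step produces, here is an added example (not part of the original answer and not Avro Tools code) that decodes an Avro object container file with only the Python standard library and returns one JSON event per record. It assumes an uncompressed file (codec `null`) whose schema is a flat record of primitive types and unions; the function names are this example's own.

```python
import io, json, struct

def read_long(f):
    shift = n = 0
    while True:
        b = f.read(1)[0]                 # IndexError here means a truncated file
        n |= (b & 0x7F) << shift         # base-128 varint, low group first
        if not b & 0x80:
            return (n >> 1) ^ -(n & 1)   # undo zigzag encoding
        shift += 7

def read_bytes(f):
    return f.read(read_long(f))          # length prefix, then raw bytes

PRIMITIVES = {
    "null": lambda f: None,
    "boolean": lambda f: f.read(1) == b"\x01",
    "int": read_long, "long": read_long,
    "float": lambda f: struct.unpack("<f", f.read(4))[0],
    "double": lambda f: struct.unpack("<d", f.read(8))[0],
    "string": lambda f: read_bytes(f).decode("utf-8"),
}

def read_datum(f, schema):
    if isinstance(schema, list):         # union: branch index, then the value
        return read_datum(f, schema[read_long(f)])
    if isinstance(schema, dict):
        if schema["type"] != "record":
            return read_datum(f, schema["type"])
        return {x["name"]: read_datum(f, x["type"]) for x in schema["fields"]}
    return PRIMITIVES[schema](f)         # KeyError on types not handled here

def avro_to_events(data):
    f = io.BytesIO(data)
    if f.read(4) != b"Obj\x01":
        raise ValueError("not an Avro object container file")
    meta = {}
    while (n := read_long(f)) > 0:       # header map; sized (negative) blocks not handled
        for _ in range(n):
            key = read_bytes(f).decode()
            meta[key] = read_bytes(f)
    if meta.get("avro.codec", b"null") != b"null":
        raise ValueError("compressed blocks are not handled in this example")
    schema, sync = json.loads(meta["avro.schema"]), f.read(16)
    events = []
    while f.tell() < len(data):          # data blocks: count, size, records, sync
        count, block = read_long(f), io.BytesIO(read_bytes(f))
        events += [json.dumps(read_datum(block, schema)) for _ in range(count)]
        if f.read(16) != sync:
            raise ValueError("sync marker mismatch: file is corrupt or truncated")
    return events
```

Writing the returned strings one per line gives the monitored file a single JSON object per event.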