Hi, I'm currently using 'Splunk Add-on for Microsoft Office 365' and we are able to see the following sources: audit_exchange audit_sharepoint audit_general audit_azureactivedirectory sourcetype for all is 'o365:management:activity'. I'm looking to gather information about users, groups, devices etc., to use for 'Asset and Identity framework' in Splunk ES. So, I followed the documentation - https://splunk.github.io/splunk-add-on-for-microsoft-office-365/ConfigureMicrosoftEntraIDMetadataInputs/ Even after doing this, I'm not receiving the expected logs. Has anyone faced similar issue?   I'm thinking of using 'Splunk-add-on-microsoft-azure' app for this because it helps with users, devices, groups information based on the documentation - https://github.com/splunk/splunk-add-on-microsoft-azure/wiki/Create-an-Azure-AD-App-Registration But I see the app (https://splunkbase.splunk.com/app/3757) is not supported. Does anyone use this app? Can we use non supported apps in production? Thanks! ... View more

Hi, I'm currently looking to gather information for asset & identity framework for Splunk ES. We are using Splunk Cloud. I'd like to get the identity and asset information from Microsoft Azure. I'm aware that there are lot of add-ons available for us to use, but I'm confused which one to choose. Which will help me for my scenario? Splunk Add-on for Microsoft Azure Splunk Add-on for Microsoft Office 365 Splunk Add-on for Microsoft Security Splunk Add-on for Microsoft Cloud Services Which app should I focus on? Which apps are no longer supported? I'm thinking of using 'Splunk-add-on-microsoft-azure' app for this because it helps with users, devices, groups information based on the documentation - https://github.com/splunk/splunk-add-on-microsoft-azure/wiki/Create-an-Azure-AD-App-Registration But I see the app (https://splunkbase.splunk.com/app/3757) is not supported. Does anyone use this app? Can we use non supported apps in production? Thanks! ... View more