I just wrote an Azure Diagnostics App for Splunk and submitted it to Splunkbase yesterday for approval. I tested it in both Windows and Linux. What it does is pull the Azure diagnostics from the Azure WAD tables and populate the Splunk indexes with it. Currently it doesn't do any grooming of the Azure tables, but that is something I plan on adding later. It can run on or off-premises; some due diligence is needed to determine what makes the most sense in different scenarios (pay for instances vs. data transfers). If you do decide to give it a try, do let me know, I'd love to hear some feedback.
Thanks,
Michel