Re: Which add-on for o365 and Azure log collection...

ojay · ‎02-02-2022

Hi all,

I am planning on integrating o365 and Azure cloud services to my Splunk on-prem environment.

Now there are several Add-Ons to choose from in Splunkase

Microsoft Azure Add on for Splunk
Splunk Add-on for Microsoft Office 365
Splunk Add-on for Microsoft Cloud Services

What is the main difference between these Add-Ons and which should i use? The documentation did not really help.

"The Splunk Add-on for Microsoft Office 365 replaces the modular input for the Office 365 Management API within the Splunk Add-on for Microsoft Cloud Services."

Is it still possible to collect the o365 logs with the Cloud Services add-on which collects via so called event hubs?

Thank you,

O.

ojay · ‎02-04-2022

In case i use both add-on's do I need to create two seperate application integrations?

ojay · ‎02-03-2022

Thank you for the quick feedback, the guide is helpful but i was more looking into a comparison about what add-on to use.

Is the "Splunk Add-on for Microsoft Cloud Services" able to get the O365 data? Is it advised to use it?

isoutamo · ‎02-02-2022

Hi

we have used this instructions

https://www.ciraltos.com/use-splunk-to-collect-logs-from-office-365-and-azure-ad/ to setup M365 data collection and presentation. This guide is little bit outdated, but you could manage configuration with small modifications.

r. Ismo

Which add-on for o365 and Azure log collection?

Join Us for Splunk University and Get Your Bootcamp Game On!

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

Announcing Scheduled Export GA for Dashboard Studio