Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Can I collect application logs from Azure to Splunk?

Koko12345678
Explorer
‎08-27-2018 01:46 AM

I already know that I can collect application logs into Azure application insight, and use a storage account streaming this data to event hub, but can splunk pull this data? if yes, how can I configure input in Splunk to do that.
If someone has a documentation about that it will be very helpful.

Tags (2)
0 Karma
Reply

larmesto
Path Finder
‎01-07-2019 09:42 AM

This might be helpful for anyone visiting; I have started working on an addon for Azure Event Hubs for Splunk, feel free to use it!
https://splunkbase.splunk.com/app/4343/

regards,

0 Karma
Reply

Paul1896
Path Finder
‎03-09-2020 05:34 AM

Hello larmesto,

is it possible to grab application logs which are stored in an azure event hub as well or only acitivity logs?

0 Karma
Reply

mayurr98
Super Champion
‎08-27-2018 01:51 AM

Hello

Yes, there are several apps and add-ons that are available to pull data from event hub.
have a look at this app:
https://splunkbase.splunk.com/app/3534/

Also,have a look at this detail documentation:
https://www.splunk.com/blog/2018/04/20/splunking-microsoft-azure-monitor-data-part-1-azure-setup.htm...

let me know if this helps!

0 Karma
Reply

saikiran334
Explorer
‎04-20-2020 09:10 AM

@Koko12345678, out of curiosity ,
Any how you have application logs in Azure for long term storage , and may i know why again you want to index this data from AZure to Splunk ?( any specific requirement )

0 Karma
Reply

Koko12345678
Explorer
‎08-27-2018 06:21 AM

I couldn't see anything that related to Azure application logs.
just activity log, diagnostic logs and metrics

0 Karma
Reply

mayurr98
Super Champion
‎08-27-2018 07:05 AM

well i meant that you can monitor event hub data. so it could be anything this app monitors event hub.If you send application logs to event hub add-on will get data from event hub. you can give it a try.

Another approach is using HTTP event collector.
https://github.com/Microsoft/AzureFunctionforSplunkVS
have a look at this link.
https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitor-stream-monitoring-data-eve...

0 Karma
Reply

Koko12345678
Explorer
‎08-30-2018 03:09 AM

to pull data from Event Hub you need also to configure input on the add-on side, this is why I'm asking if I can configure the add-on to also pull for application logs

0 Karma
Reply

mayurr98
Super Champion
‎08-30-2018 04:58 AM

I have never tried it. But I think Yes you can configure.you can give it a try

0 Karma
Reply

Koko12345678
Explorer
‎08-30-2018 05:02 AM

ok thanks

0 Karma
Reply
Get Updates on the Splunk Community!

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...

Adoption of Infrastructure Monitoring at Splunk

  Splunk's Growth Engineering team showcases one of their first Splunk product adoption-Splunk Infrastructure ...

Modern way of developing distributed application using OTel

Recently, I had the opportunity to work on a complex microservice using Spring boot and Quarkus to develop a ...