Sending Data to Splunk
This topic explains how to use the Insights real-time data export feature to send data to Splunk and use it there.
The following table lists the components used for consuming Event Hubs data.
| Component | Description |
|---|---|
| Inputs | A reader from a data source (e.g., EventHub added by the Microsoft Data Services add-on). |
| Indexes | Storage of data from the inputs that can be queried. |
| Search and Reporting | Data exploration from ad-hoc queries to persistent dashboards. |
You need to create an event index to integrate with Event Hubs.
To authenticate Splunk with Azure, you need to create an Azure AD application and a service principal.
- Sign in to portal.azure.com.
- Register an application with Azure AD and create a service principal.
- Connect to Splunk Add-on for Microsoft Cloud Services using the Client ID / Tenant ID (Directory (tenant) ID in Azure). Alternatively, you can use Client secret.
Define input and ingest data into the index.
Add data input using Splunk Web and configure the following settings:
- The Azure Event Hub Namespace (FQDN)
- The Azure Event Hub Name
- The Azure Event Hub Consumer Group
Note: Use More options to set the preferred index defined in Create event index.
To explore the dataset you can start sampling available data.
Refine the data by filtering and grouping (e.g., to see the recent count of events for jobs).