- Release Notes Cloud Insights
- Getting Started
- Access and Permissions
- Interacting with Insights
- Automation Hub Integration
- Action Center Integration
- Real Time Monitoring
- Real Time Data Export
Sending Data to Splunk
In this topic you can learn how to use the insights real-time data export feature to send data to Splunk and use it there.
The following table lists the components used for consuming Event Hubs data.
A reader from a data source (e.g., EventHub added by the Microsoft Data Services add-on.
Storage of data from the inputs that can be queried.
Search and Reporting
Data exploration from ad-hoc queries to persistent dashboards
You need to create an event index to integrate with Event Hubs.
To authenticate Splunk with Azure, you need to create an Azure AD application and a service principal.
- Sign in to
- Register an application with Azure AD and create a service principal.
Connect to Splunk Add-on for Microsoft Cloud Services using the Client ID / Tenant ID (Directory (tenant) ID in Azure). Alternatively, you can use Client secret.
To explore the dataset you can start sampling available data.
Refine the data by filtering and grouping (e.g., see recent count of events for jobs).