
Source types for the Splunk Add-on for Microsoft Azure

Jason Conger edited this page Jul 14, 2022 · 2 revisions

The Splunk Add-on for Microsoft Azure provides the index-time and search-time knowledge for Microsoft Azure data in the following formats:

| Data source | Default sourcetype(s) |
| --- | --- |
| Azure Active Directory Interactive Sign-ins | azure:aad:signin |
| Azure Active Directory Users | azure:aad:user |
| Azure Active Directory Groups | azure:aad:group |
| Azure Active Directory Audit | azure:aad:audit |
| Azure Active Directory Risk Detection | azure:aad:risk:detection |
| Azure Active Directory Devices | azure:aad:device |
| Metrics | azure:metrics |
| Security Center | azure:securityCenter:alert, azure:securityCenter:task |
| Subscriptions | azure:subscriptions |
| Resource Groups | azure:resource:group |
| Virtual Networks | azure:vnet, azure:vnet:nic, azure:vnet:nsg, azure:vnet:ip:public |
| Compute | azure:compute:vm, azure:compute:disk, azure:compute:image, azure:compute:snapshot |
| Azure Billing and Consumption | azure:billing |
| Azure Reservation Recommendation | azure:reservation:recommendation |
| Azure Resource Graph | azure:resourcegraph |
| Azure Topology (automatic) | azure:topology |
| Azure Topology (manual) | azure:topology |
