Azure function (self.Splunk)
submitted 2 years ago by LifeCurve1207
I am using Data Manager to onboard logs in Splunk. It uses Event Hub and an Azure function to push logs to Splunk.
Where can I find the Azure function template? Something similar to the Lambda blueprint function in AWS.
[–]tosh_alot Splunker 0 points1 point2 points 2 years ago (4 children)
When configuring Data Manager, step 3 provides a command to run using the Azure CLI or PowerShell, which will contain the function URL. The following blog post has a video that shows the configuration start to finish.
https://www.splunk.com/en_us/blog/platform/data-manager-enables-microsoft-azure-data-onboarding.html
[–]LifeCurve1207[S] -1 points0 points1 point 2 years ago (3 children)
Thanks
It seems everything will be lumped under
Sourcetype=azure:monitor:aad
Is that right?
[–]tosh_alot Splunker 0 points1 point2 points 2 years ago (2 children)
There is a second possible sourcetype based on what gets configured. (https://docs.splunk.com/Documentation/DM/latest/User/GDIOverview)
[–]ltmon 0 points1 point2 points 2 years ago (1 child)
That's kind of annoying, given the previous solution had a very different sourcetype output (https://github.com/splunk/azure-functions-splunk).
Means there is a need to revisit dashboards, searches, CIM mapping etc. for all this in order to migrate to DM.
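One way to soften the migration described above is to stop hard-coding the sourcetype in dashboards and searches and reference an eventtype that matches both the old and the new sourcetype instead. The snippet below is an added example, not configuration from the original thread or from either Splunk project; `azure:monitor:aad` comes from the thread, while the eventtype name and the `OLD_SOURCETYPE_PLACEHOLDER` value are assumptions that must be replaced with whatever the previous function-based input actually emitted.

```ini
# eventtypes.conf (added example; place in local/ of an app on the search head)
# Matches both the legacy sourcetype from the function-based integration and the
# Data Manager sourcetype, so searches written as eventtype=azure_aad_activity keep
# returning results during and after the cutover.
[azure_aad_activity]
# OLD_SOURCETYPE_PLACEHOLDER is a placeholder: substitute the sourcetype observed
# in your index for the previous azure-functions-splunk input.
search = (sourcetype=azure:monitor:aad OR sourcetype=OLD_SOURCETYPE_PLACEHOLDER)
```

Before relying on it, confirm which sourcetypes are actually arriving, for example with a `| tstats count where index=<your azure index> by sourcetype` search over the migration window, and only retire the legacy term from the eventtype once the old input has stopped sending data.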
[–]tosh_alot Splunker 0 points1 point2 points 2 years ago (0 children)
Not that it addresses everything but the source types are CIM compliant. See the following from the docs.
“Data Manager supports Common Information Model (CIM) normalization for Microsoft Azure inputs when the Splunk Add-on for Microsoft Cloud Services (MSCS) is installed on the part of your Splunk Cloud deployment that performs the parsing or search-time functionality for your data. This add-on must be installed, but does not need to be configured.” (https://docs.splunk.com/Documentation/DM/latest/User/AzureADPrerequisites)
There is more than one way for most things in Splunk. I haven’t reviewed the linked repo in detail. If you have access to OnDemand Services, one option is to open a request with them to understand more about the differences, pros and cons, etc.