Skip to content

Connect to your Azure Storage account with the Splunk Add-on for Microsoft Cloud Services

Connect the Splunk Add-on for Microsoft Cloud Services and your Azure Storage account so that you can ingest your Azure storage table, Azure storage blob and Azure virtual machine metrics data into the Splunk platform. You can configure this connection using Splunk Web on your data collection node as a best practice, or by using the configuration files.

Prerequisites

Before you complete these steps, follow the directions in Configure a Storage Account in Microsoft Cloud Services to prepare your Microsoft account for this integration.

When the Splunk Add-on for Microsoft Cloud Services is used in conjunction with Azure storage, the number of inodes available can fill up quickly, creating pointer files on your operating system for every single blob. This results in a file directory containing extremely large numbers of files, and potentially resulting in a “no space left on device” error.

Connect to your account using Splunk Web

Access Splunk Web on the node of your Splunk platform installation that collects data for this add-on.

  1. Open the add-on, then select Configuration.
  2. Select Azure Azure Storage Account and enter the corresponding fields using the Input parameter table.

There are three Account Secret Types that you can select to configure an Azure storage account: Access Key, Account Token, and None Secret.

  • If you want to collect Azure storage table Azure virtual machine metrics data, you have to configure the account with the Access Key or Account Token.
  • If you want to collect Azure storage blob data, you can use any of three types.

Connect to your account using configuration files

If you do not have access to Splunk Web on your data collection node, you can configure the connection to your account using the configuration files.

  1. Create or open $SPLUNK_HOME/etc/apps/Splunk_TA_microsoft-cloudservices/local/mscs_storage_accounts.conf.
  2. Add the following stanza: 
    [<account_stanza_name>]
account_name = <value>
account_secret = <value>
account_secret_type = <value>
account_class_type = <value>

Input parameters

Each attribute in the following table corresponds to a field in Splunk Web.

Attribute

Corresponding field in Splunk Web

Description

account_name

Account Name

The name for the storage account. Name cannot contain any whitespace.

account_secret

Account Secret

You can enter the key or token generated when you Configure a Storage Account in Microsoft Cloud Service.

account_secret_type

Access Key, Account Token or None Secret

If you set account_secret_type=0, it means the storage account use the None Secret type. You do not have to set Account Name and Account Secret. If you configure the inputs using a configuration file, you can leave account_name and account_secret blank.

If you set account_secret_type=1, it means the storage account uses Access Key type. You have to enter the key generated when you Configure a Storage Account in Microsoft Cloud Service.

If you set account_secret_type=2, it means the storage account use Account Token type. You have to enter the token generated when you Configure a Storage Account in Microsoft Cloud Service.

account_class_type

Account class type

Type of account class. The integer is either 1 or 2, 1 for Azure public cloud, and 2 for Azure government cloud.