Skip to content

Enable a saved search

You can populate the vm_id, private_ip, and public_ip fields in a lookup file that works with mscs:resource:virtualMachine events.

Enable a saved search in the Splunk Add-on for Microsoft Cloud Services Object view in Splunk Web or in default/savedsearches.conf. You can set a schedule for the search to run on, and users can also run it manually.