Source types for the Splunk Add-on for Microsoft Cloud Services

The Splunk Add-on for Microsoft Cloud Services provides the index-time and search-time knowledge for Microsoft Cloud Services data in the following formats:

The ms:o365:management source type is for backward compatibility. A similar source type, o365:management:activity, is in the Splunk Add-on for Microsoft Office 365.

Data source	Source type	Event type	API	CIM data models	ITSI data models	Notes
Azure Event Hubs	mscs:azure:eventhub	n/a	Microsoft Azure Event Hubs Client Library for Python	n/a	n/a
Azure Event Hubs	mscs:azure:security:alert	n/a	Microsoft Azure Event Hubs Client Library for Python	Alerts	n/a
Azure Event Hubs	mscs:azure:security:recommendation	n/a	Microsoft Azure Event Hubs Client Library for Python	Alerts	n/a
Azure Event Hubs	azure:monitor:aad	mscs_audit_auth_account_management, mscs_audit_auth_all_changes, mscs_audit_auth_authentication, mscs_audit_auth_alerts, mscs_azure_aad_auditlogs, mscs_azure_aad_signinlogs, mscs_azure_aad_provisionlogs, mscs_azure_aad_userlogs	Microsoft Azure Event Hubs Client Library for Python	Alerts, Authentication, Change	n/a
Azure Event Hubs	azure:monitor:resource	n/a	Microsoft Azure Event Hubs Client Library for Python	Change, Databases DataAccess	n/a
Azure Event Hubs	azure:monitor:activity	mscs_azure_activity_all_changes, mscs_azure_activity_instance_changes, mscs_azure_activity_administrative_logs	Microsoft Azure Event Hubs Client Library for Python	Change	n/a
Azure Resource virtualMachine	mscs:resource:virtualMachine	mscs_inventory_vm	Azure Virtual Machines REST — List Azure Virtual Machines REST — Get VM information	n/a	Inventory
Azure Resource network InterfaceCard	mscs:resource:networkInterfaceCard	mscs_inventory_vm	Azure Network REST — List network interface cards	n/a	Inventory
Azure Resource public IPAddress	mscs:resource:publicIPAddress	n/a	Azure Network REST — List public IP addresses	n/a	n/a
Resource virtualNetwork	mscs:resource:virtualNetwork	n/a	Azure Network REST — List virtual networks	n/a	n/a
Azure Resource Disk	mscs:resource:disk	mscs_azure_resource_disk	n/a	Inventory, Storage	n/a
Azure Resource Image	mscs:resource:image	mscs_azure_resource_image	n/a	Inventory, Virtual	n/a
Azure Resource Snapshot	mscs:resource:snapshot	mscs_azure_resource_snapshot	n/a	Inventory, Virtual, Snapshot	n/a
Azure Resource Group	mscs:resource:resourceGroup	mscs_azure_resource_resourceGroup	n/a	Inventory	n/a
Azure Resource Subscription	mscs:resource:subscriptions	mscs_azure_resource_subscriptions	n/a	Inventory	n/a
Azure Resource SecurityGroup	mscs:resource:securityGroup	mscs_azure_resource_securityGroup	n/a	Inventory	n/a
Azure Audit log	mscs:azure:audit	n/a	Azure Insights — List events for an Azure subscription	Alerts, Change	n/a
Azure Storage Table	mscs:storage:table	n/a	Azure SDK for Python	n/a	n/a
Azure Storage Blob	mscs:storage:blob	n/a	Azure SDK for Python	n/a	n/a
Azure Storage Blob	mscs:storage:blob:json	n/a	Azure SDK for Python — Storage Table query_ entities	n/a	n/a	When selected in the input, XML and JSON fields for the mscs:storage:blob:xml and mscs:storage:blob:json source types are automatically extracted. You can configure the settings for these source types in their respective stanzas in your local props.conf file.
Azure Storage Blob	mscs:storage:blob:xml	n/a	Azure SDK for Python — Storage Table query_ entities	n/a	n/a	When selected in the input, XML and JSON fields for the mscs:storage:blob:xml and mscs:storage:blob:json source types are automatically extracted. You can configure the settings for these source types in their respective stanzas in your local props.conf file.
Virtual Machine Metrics	mscs:vm:metrics	mscs_perf_vm_cpu	Azure SDK for Python — Storage Table query_ entities	n/a	Performance
Azure Metrics	mscs:metrics	n/a	n/a	n/a	n/a
Azure Metrics	mscs:metrics:events	n/a	n/a	n/a	n/a
Azure KQL Log Analytics	mscs:kql	n/a	n/a	n/a	n/a
Azure KQL Log Analytics	mscs:kql:stats	n/a	n/a	n/a	n/a
Azure Consumption (Billing)	mscs:consumption:billing	n/a	n/a	n/a	n/a
Azure Consumption (Billing)	mscs:consumption:reservation:recommendation	n/a	n/a	n/a	n/a