
Send Logs from Splunk to Azure Blob

With Dataflect, integrating Splunk with Azure (or virtually any cloud provider) has never been easier.

One capability that can come in handy for many reasons is the ability to selectively send logs from Splunk to Azure Blob storage. With Dataflect this can be accomplished in a few easy steps.


Create an Azure App Registration with Read/Write Permissions to Azure Storage

There are a few different ways to do this, but one easy method is to create an App Registration and assign it the "Storage Blob Data Contributor" IAM Role. Store your App Registration Client ID and Secret; you'll need these later.


Add your Azure Storage Account FQDN to the Allowed Domains in Dataflect

Add Your App Registration Credentials to the Stored Credentials in Dataflect


In this example we are going to use the "Append" blob type, since this would be the appropriate type of storage for appending logs.


First, Initialize the Blob

In this example we use Dataflect's ability to Engage with the Azure Storage API to create a new blob with today's date. This could be configured as a saved search or set up as an alert action. In this example we simply run it manually:


Next, Send Logs to Azure

Next we'll craft a search that gathers the logs we want to send to Azure, and use Dataflect's capability to push logs to a remote destination to append the resulting events to the end of the blob:
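The initialize and append steps above correspond to two Azure Blob Storage REST operations, Put Blob (with `x-ms-blob-type: AppendBlob`) and Append Block (`?comp=appendblock`). The following is an added example, not Dataflect's code or SPL: it builds those requests without sending them, using a constructed account name and a placeholder bearer token, with a host allow-list check standing in for the Allowed Domains step. The `If-None-Match: *` header and the 4 MiB block size are choices made for this example, so that re-running the initialize step cannot overwrite a blob that already holds logs.

```python
from email.utils import formatdate
from urllib.parse import quote, urlsplit

API_VERSION = "2020-10-02"       # a Storage REST version that accepts OAuth bearer tokens
MAX_BLOCK = 4 * 1024 * 1024      # conservative per-request Append Block size (assumption)


def _request(method, url, token, allowed_hosts, extra, body=b""):
    """Describe one HTTPS request, refusing any host outside the allow-list."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname not in allowed_hosts:
        raise ValueError(f"destination not allowed: {url}")
    headers = {
        "Authorization": f"Bearer {token}",
        "x-ms-version": API_VERSION,
        "x-ms-date": formatdate(usegmt=True),
        "Content-Length": str(len(body)),
        **extra,
    }
    return {"method": method, "url": url, "headers": headers, "body": body}


def blob_url(account_fqdn, container, blob):
    return f"https://{account_fqdn}/{quote(container)}/{quote(blob)}"


def create_append_blob(url, token, allowed_hosts):
    """Put Blob with an empty body; If-None-Match: * fails if the blob already exists."""
    extra = {"x-ms-blob-type": "AppendBlob", "If-None-Match": "*"}
    return _request("PUT", url, token, allowed_hosts, extra)


def append_events(url, token, allowed_hosts, events, max_block=MAX_BLOCK):
    """Pack newline-terminated events into Append Block requests of at most max_block bytes."""
    target, requests, chunk = url + "?comp=appendblock", [], b""
    for event in events:
        line = event.encode("utf-8") + b"\n"
        if len(line) > max_block:
            raise ValueError("single event exceeds the block size")
        if chunk and len(chunk) + len(line) > max_block:
            requests.append(_request("PUT", target, token, allowed_hosts, {}, chunk))
            chunk = b""
        chunk += line
    if chunk:
        requests.append(_request("PUT", target, token, allowed_hosts, {}, chunk))
    return requests
```

The bearer token would come from the App Registration's client ID and secret; treat it and the secret as credentials and keep both out of saved searches and logs.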


Validate that the Logs were Sent


Now that we've sent the logs, perhaps we want to reduce the retention of the data in Splunk to conserve storage and resources. But what if we want visibility into those logs at a later point, do we need to re-ingest? No! With Dataflect we can search the logs stored in the Azure Blob directly:



Yes, it is actually that easy. And that's just the beginning. Contact us at sales@dataflect.com today for a demo!
