Get Even More Visitors To Your Blog, Upgrade To A Business Listing >>

Send Telemetry to Splunk Enterprise from Azure Resources via Azure Monitor, Part 5

For Part 1 of this blog series, which contains overview material, please click here.

 

There are several scenarios that must be addressed when thinking about getting telemetry from Azure resources to Splunk. What if Splunk is on premises? What if you’re using Splunk Cloud? You could be using a private network connection to Azure, or not. The Splunk add-on approach isn’t suited to all of these. In this blog and others in this series, I’ll introduce some new architectural elements and go into detail on each.

 

In this article, “the add-on” refers to this.

 

These specific scenarios will be dealt with:

 

  • Cloud-based Splunk, using the add-on (Part 2) 
  • Cloud-based Splunk, using the HTTP Event Collector (Part 3) 
  • Premises-based Splunk, using private network (Part 4) 
  • Premises-based Splunk, via the internet (this article)

 

In this, Part 5, I’ll go into Premises-based Splunk via the internet.

 

AzureFunctionPlusRelay

In this configuration, Splunk is on prem and behind a proxy server. The proxy server wants a static IP address to allow outbound communications, but Azure services such as Event Hub endpoints and ARM REST API endpoints are names, not static IPs. For this reason, the usual add-on techniques won’t work – the Splunk box on prem can’t get out to see the Azure-based API’s.

 

The solution is another Azure service: Azure Relay. With Azure Relay, the “listener” role establishes an “open phone line” in the cloud via a call over port 443. The “sender” role can see that open phone line and establish a channel for communications over it.

 

The components that you need to get going with this are:

  • Azure Function for Splunk, located here.
  • A Splunk add-on that knows how to work with Azure Relay. That’s here.

 

In this case, the Azure Function should be configured to run with the Relay output binding. The installation instructions in the README.md covers those details.

Share the post

Send Telemetry to Splunk Enterprise from Azure Resources via Azure Monitor, Part 5

×

Subscribe to Msdn Blogs | Get The Latest Information, Insights, Announcements, And News From Microsoft Experts And Developers In The Msdn Blogs.

Get updates delivered right to your inbox!

Thank you for your subscription

×