Azure Firewall integration with Splunk Cloud

Awasthi, Shubham 1 Reputation point
2021-02-17T16:33:15.117+00:00

I have to ingest Azure Firewall logs to Splunk Cloud. I am exploring ways to do it. If there is a step by step guide, please let me know.

Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.

2 answers

  1. suvasara-MSFT 10,011 Reputation points
    2021-02-22T10:50:17.68+00:00

    @Awasthi, Shubham, it looks like splunking Azure Firewall logs is not yet supported in the Microsoft Azure supported Splunk add-ons. I did this lab in my local environment by installing the Splunk Add-on for Microsoft Cloud Services and the Microsoft Azure App for Splunk add-ons in my enterprise base, but I was not able to generate any relative flows on the dashboard.


  2. Awasthi, Shubham 1 Reputation point
    2021-02-22T17:59:03.91+00:00

    That's sad. I was thinking if we can do that via rsyslog and then parsing the raw logs? A bit too much but worth a shot?