To reduce the expenses of buying, owning, and maintaining physical data centers and servers, your organization has converted most of its infrastructure to virtual resources with the help of Azure. This means you have whole new data types to secure and monitor. You have to relearn much of what you used to know in order to keep your organization running safely and efficiently. You want to use your Splunk deployment to manage all components of your cloud infrastructure and provide you with necessary information and alerts.
- Azure Event Hub data
- Azure cloud environment data
How to use Splunk software for this use case
You can run many searches with Splunk software to help you manage Azure cloud infrastructure.
Searches that use the Splunk Add-on for Microsoft Cloud Services:
- Azure public storage blobs with anonymous access traffic
- Azure storage blobs made public and by who
- Azure resources with no associated tags
- Inventory of Azure virtual machines
- Inventory of Azure virtual networks
- List of Azure resource network interface cards
- List of Azure resource public IP addresses
- List of Azure resource unused public IP addresses
- List of Azure resource changes
- Logging output from any Azure Event Hub log
- Visualization of common Azure resource tags and tag values
Searches that use the Microsoft Azure Add-on for Splunk:
- Azure Active Directory users with no access for extended periods
- Azure Active Directory audit events
- Azure critical infrastructure health
- Azure load balancers with no healthy instances
- Azure security policy review
- Inventory of Azure managed disks
- Inventory of unattached Azure managed disks
- Incorrectly provisioned virtual machines
- Resources with non-compliant policy rules
Measuring impact and benefit is critical to assessing the value of IT operations. The following are example metrics that can be useful to monitor when implementing this use case:
- Operational expenses savings due to efficiency actions from observability
- Reduced mean time to problem resolution (MTTR)
- Reduced time for compliance reporting
You should also review these organizational processes that commonly impact success with this use case:
- Capacity planning and cost tracking. This is important in all IT shops but increases in importance when using cloud services.
- Security and compliance
This use case is also included in the IT Essentials Learn app, which provides more information about how to implement the use case successfully in your IT maturity journey. In addition, these Splunk resources might help you understand and implement this use case:
- Data Descriptor: Getting started with Microsoft Azure Event Hub data
- Blog: Real-Time operational intelligence for Microsoft Azure
- Blog: Splunk Azure: NSG Flow logs
- Chart: Azure Add-on Landscape (This is a highly recommended resource for understanding the various add-ons for getting data in from Azure)
Splunk OnDemand Services: Use these credit-based services for direct access to Splunk technical consultants with a variety of technical services from a pre-defined catalog. Most customers have OnDemand Services per their license support plan. Engage the ODS team at OnDemand-Inquires@splunk.