Scenario: To reduce the expenses of buying, owning, and maintaining physical data centers and servers, your organization has converted most of its infrastructure virtual with the help of Azure. This means you have whole new data types to secure and monitor. You have to relearn everything you used to know how to do in order to keep your organization running safely and efficiently. You want to use your Splunk deployment to manage all components of your cloud infrastructure and provide you with necessary information and alerts.
How Splunk software can help
You can use Splunk software to manage all the different components of Azure cloud infrastructure. You can easily run inventories of key components, audit all activities, and maintain security policies.
What you need
To succeed in implementing this use case, you need the following dependencies, resources, and information.
The best person to implement this use case is an Azure administrator who is familiar with Azure cloud services logging This person might come from your team, a Splunk partner, or Splunk OnDemand Services.
Maintaining Azure cloud infrastructure using Splunk software can last up to ten days or more.
The following technologies, data, and integrations are useful in successfully implementing this use case:
- Splunk Enterprise or Splunk Cloud
- Data sources onboarded
- Azure cloud environment data
- Splunk Add-on for Microsoft Cloud Services
- Microsoft Azure Add on for Splunk
- Microsoft Azure App for Splunk
How to use Splunk software for this use case
You can run many searches with Splunk software to maintain Azure cloud infrastructure. Depending on what information you have available, you might find it useful to identify some or all of the following:
- Inventory of Azure virtual machines
- Inventory of Azure virtual networks
- List of Azure resource public IP addresses
- List of Azure resource network interface cards
- Inventory of Azure managed disks
- Inventory of unattached Azure managed disks
- Calculating the cost of unattached disks
- Azure security policy review
- Azure resources with no associated tags
- Successful Azure audit operations
- Azure Active Directory audit events
Other steps you can take
To maximize their benefit, the how-to articles linked in the previous section likely need to tie into existing processes at your organization or become new standard processes. These processes commonly impact success with this use case:
- Capacity planning and cost tracking. This is important in all IT shops but increases in important when using cloud services.
- Security and compliance
These additional Splunk resources might help you understand and implement this use case:
- Blog: Real-Time operational intelligence for Microsoft Azure
- Blog: Splunking Azure: Event Hubs
- Blog: Splunk Azure: NSG Flow logs
- Conf Talk: Monitor and manage your cloud environment with Azure Monitor and Splunk
- Conf Talk: Gain end-to-end visibility into your Azure cloud environment using Splunk
- Conf Talk: Show and Tell: Prescriptive Use Cases for Azure and Office 365
- Chart: Azure Add-on Landscape (This is a highly recommended resource for understanding the various add-ons for getting data in from Azure)
How to assess your results
Measuring impact and benefit is critical to assessing the value of IT operations. The following are example metrics that can be useful to monitor when implementing this use case:
- Operational expenses savings due to efficiency actions from observability
- Reduced mean time to problem resolution (MTTR)
- Reduced time for compliance reporting.