Send data from Edge Processors to Microsoft Azure
Send data from Edge Processors to Azure Blob Storage or Azure Data Lake Storage containers by using Microsoft Azure datasets as pipeline destinations.
Sending data to Microsoft Azure is supported in Edge Processors that are associated with Splunk Cloud Platform version 10.4.2604 and higher.
To send data from an Edge Processor to an Azure Blob Storage container or an Azure Data Lake Storage container, you must do the following:
-
In the Data Management app on Splunk Cloud Platform, create a connection that provides access to Azure storage containers by authenticating through a Microsoft Entra app registration. For more information, see Create a Microsoft Azure connection for Edge Processor pipelines.
-
In the Data Management app on Splunk Cloud Platform, create a dataset that represents the location in Azure where you want to send data. For more information, see Create a Microsoft Azure dataset for Edge Processor pipelines.
-
In the Edge Processor service, create a pipeline that uses the Microsoft Azure dataset as a destination. For more information, see Create pipelines for Edge Processors.
Note: To ensure that the events you send to the dataset are compatible with federated searches, there are several best practices that you need to follow when configuring your pipeline. For more information, see Best practices for sending data from an Edge Processor to a dataset. -
In the Edge Processor service, apply the pipeline to an Edge Processor. For more information, see Apply pipelines to Edge Processors.
When you apply that pipeline to your Edge Processor, it starts sending the data that it receives to your Azure container. In Azure, this data is identified by a file path and name that is constructed using auto-generated values from the system as well as some of the values that you specify in the connection and dataset configuration.