Create a Microsoft Azure connection

Create a Microsoft Azure connection in the Data Management app to authenticate federated searches over datasets in Azure Data Lake Storage and Azure Blob Storage.

Create a Microsoft Azure connection in the Data Management app to authenticate federated searches over datasets in Azure Data Lake Storage (ADLS) and Azure Blob Storage (ABS) containers from your Splunk platform deployment.

The Microsoft Azure connection uses a Microsoft Entra app registration to authenticate your ability to run federated searches over federated datasets in ADLS and ABS containers. You can create multiple datasets that use the same connection.

  • To create a connection for federated search over a Microsoft Azure dataset, your Splunk Cloud Platform deployment user account must have a role with the with the edit_connections and edit_datasets capabilities. See Define roles on the Splunk platform with capabilities in the Splunk Cloud Platform Manage Users and Security manual.

  • To allow the Splunk platform to access Microsoft Azure through your connection, complete the following tasks in Microsoft Entra ID:

    Task Microsoft Entra documentation
    Create an app registration for your connection. Register an application in Microsoft Entra ID
    Add a client secret to the app registration. Add and manage application credentials in Microsoft Entra ID
    Grant the Storage Blob Data Contributor role to the app registration for your connection. Assign Azure roles using the Azure portal

    Keep your app registration information open in a separate browser tab throughout the connection creation process, so that you can retrieve the required values for authenticating your connection and configuring your dataset.

  • (Optional) The Azure storage account that contains the Microsoft Azure dataset you want to access may have network-level access restrictions that prevent you from performing read or write operations on that dataset. To get around these restrictions, set up an IP address allow list for the storage account that corresponds to the Cloud region of your Splunk Cloud Platform deployment.

  1. On your Splunk Cloud Platform deployment, in Splunk Web, open the Data Management app.
  2. Open the Connections page in the Data Management app.
  3. Select Create connection.
  4. On the Select data store page, select Microsoft Azure, and then Next.
  5. On the General page, provide values for the following settings, and then select Next:
    Setting Description
    Connection name Enter a unique name for the connection. The connection name must start with a lower-case letter and can contain only lower-case alphanumeric characters, underscores, and hyphens.
    Connection description (Optional) Provide a description of the connection.
    Azure account region (Optional) Select the region of your Azure storage account.
  6. On the Storage authentication page, configure the following settings, and then select Next.
    Setting Description
    Tenant ID Enter the tenant ID associated with your app registration. You can find this ID on the Overview page of your app registration in Microsoft Entra, in a field named Directory (tenant) ID.
    Client ID Enter the client ID associated with your app registration. You can find this ID on the Overview page of your app registration in Microsoft Entra, in a field named Application (client) ID.
    Client secret value Enter the client secret value associated with your app registration.You can find this value on the Certificates & secrets page of your app registration in Microsoft Entra, on the Client secrets tab.
    Client secret expiration date (Optional) Enter the expiration date of the client secret, which is also shown on the Client secrets tab in Microsoft Entra. Including this expiration date in the connection settings lets you use the Data Management app to verify when you need to rotate the client secret.
  7. On the Review page, ensure that the entered information is correct, and then select Create to create your connection.

After you create a connection to your Azure storage account, define a dataset for that connection. See Define a Microsoft Azure dataset.