High Five: The Latest Integrations from Splunk, Microsoft and GitHub

Hello Splunk Nation! Welcome to the latest roundup of Splunk integrations with Microsoft and GitHub! Hopefully, you had a chance to virtually attend .conf21 and check out all the amazing content. For those of you who missed it, we’re recapping the Microsoft, GitHub and Splunk highlights below:

1. Splunk Pipeline Analytics with GitHub: Now more than ever, visibility into your pipeline is critical to a secure, stable, on-time release that meets the needs of your customers. GitHub App for Splunk delivers insights into every stage of the software development lifecycle. With it, you’ll be able to:

• Eliminate silos through cross-team data sharing
• Align with business objectives by understanding trends and performance
• Reduce tech debt through streamlining and automation of testing
• Operationalize right and left shift by tracking how new processes or procedures improve the product

The app pulls data from the following data sources: GitHub Audit Log Monitoring Add-On for Splunk, GitHub.com webhooks, GitHub Enterprise Server Syslog Forwarder and GitHub Enterprise Collected Monitoring. Learn more about Audit Logging.

We’ve open sourced the project and you can contribute feature requests for new dashboards and alerts here.

2. Splunk on Azure Automation: For those of you interested in running your Splunk deployment on Azure, we have great news. Microsoft engineers have created a fully automated Splunk Enterprise on Azure deployment with a guided user interface that enables a custom BYOL deployment in under 12 minutes. This guided deployment has support for multiple operating systems including Ubuntu, CentOS and RedHat Enterprise Linux, and has out of the box infrastructure monitoring with Azure Monitor. For customers that prefer Kubernetes, the team has also built a guided deployment and reference implementation for Splunk Enterprise Operator on Azure Kubernetes Service.

3. SmartStore Support for Azure: You asked, and we delivered! SmartStore support for Azure is now available in preview for Splunk Enterprise. By decoupling Splunk compute from storage, SmartStore allows customers to better control infrastructure costs and reduce storage spend.

Splunk Content Packs contain out-of-the-box functionality for Splunk IT Service Intelligence (ITSI) and Splunk IT Essentials Work. They promote quick time to value, and help organizations to visualize Splunk and 3rd party tools data in full context with just a few clicks. Splunk Content Packs for ITSI and ITE Work are FREE to download, install quickly, and utilize pre-configured (but still customizable) dashboards, KPI based searches, Entity types, templates, and other objects. The Splunk Content Pack for Microsoft 365 is downloadable as part of the Splunk App for Content Packs (version 1.4 or newer) which provides a single interface to utilize a variety of ITSI content packs and upgrade them quickly as new functionalities are released. The Splunk Content Pack for Microsoft 365 provides the elements necessary to collect data from the hosts in your server environment and proactively monitors the performance, availability, security, incidents and messages across all of your Microsoft 365 services. It also provides dashboards and executive-level metrics so that technology leaders responsible for delivering the email, calendar and communications across their organization can visually represent the service level they're delivering.

5. Azure Functions for Splunk: Azure Functions allow users to leverage event-driven serverless code to route data into Splunk. Our Azure Functions integrate with Azure Event Hubs and Microsoft Graph APIs, pushing data to Splunk HTTP Event Collector (HEC) in real time, often eliminating the need for an add-on. For event hubs, the Azure Functions automatically scale up and down as data volume changes.

That’s all for this round of updates! Whether you’re rewatching or watching for the first time, the last three years of .conf session recordings, including keynotes and breakout sessions can be found here.

Happy Splunking!