Splunking Microsoft Azure Logs (AzLogs)

It seems a silly question, but why would anyone pay $1,000,000 for something they could acquire for as much as 10x less? With IT budgets what they are, who wouldn’t want to avoid an unnecessary $900,000 expense?

That is the choice that organizations using Microsoft Azure and Splunk face now that Microsoft has deprecated AzLog (as of June 1, 2019). AzLog includes critical information such as service health, recommendations, security activity, and more.

Organizations with Splunk already at the center of their SIEM strategy need a new way to integrate this data. Most of the options, once developer time, hardware and software, VMs, and Event Hub licenses or Azure Monitoring are considered, are downright expensive, and then they have to be maintained. There are four options for organizations to consider when replacing the deprecated Microsoft AzLog feature:

  1. StreamWeaver Platform (stream Azure logs directly to Splunk)
  2. Azure Monitor Add-On for Splunk
  3. Splunk Add-On for Microsoft Cloud Service
  4. Build-Your-Own (BYO) approach


Click below to schedule a discovery call where we will run through the pros and cons of each option. We are confident that upon evaluation you'll come away with the same conclusion we did: any Splunk enterprise with a significant Azure footprint will immediately benefit from the ease, simplicity, comprehensive coverage, and hard-dollar value provided by the StreamWeaver Platform. Give us a call, and we'll share with you the pros and cons of each option.

Schedule Discovery Call
