We have a clustered search head and indexer environment with 16 indexers and a Deployment server.
On a remote Windows server we have a PS script that runs a Microsoft API call every hour to pull alerts from Azure and then dumps the output into a .csv file on that Windows server. This server is not running a UF.
I’m not seeing any of the four/five Azure add-ons that pull the Azure AD related alerts, so with that I would like assistance in pulling those .csv files into an index on Splunk.
Is the best way to get the files from the remote Windows server via a UF that is set to monitor the .csv files in the directory?
Thx