Configure an Azure Storage Location
This topic explains how to configure Microsoft Azure as a Cribl Lake Storage Location.
You can set an Azure Blob Storage container as the Storage Location for a Cribl Lake Dataset. This enables you to keep your data stored in Azure, but be able to search it in Cribl as a Dataset.
To connect Datasets, detach Storage Locations, and general BYOS limits, see Learn About Storage Locations.
Why Use an Azure Storage Location
By adding an Azure Storage Location to your Cribl Lake, you can:
- Keep log and security data in your own Azure storage account for compliance, but use Cribl for search and analytics over that data.
- Use Cribl Lake and Cribl Search to turn low-cost Azure Blob storage into a searchable archive.
Before You Begin
Complete these steps before configuring an Azure Storage Location in Cribl:
- Log in to your Azure tenant and navigate to Object storage > Blob Storage.
- Create a Storage Account and Blob container.
- Go to Access Control (IAM), then:
- If you want customer-managed encryption keys, create an Azure Key Vault and key.
- Assign RBAC roles at the right scopes:
Storage Blob Data Contributorat the Container.Storage Blob Data Ownerat the Storage Account.Key Vault Crypto Userat the Key Vault.
Configure an Azure Storage Location
By following the recommended setup in this section, Cribl Lake will simplify creating a new Azure Blob Storage location for BYOS Lake Datasets.
Select a Storage Provider
- Navigate to Lake > Storage Locations > New Storage Location.
- Select Azure, then Next.
Configure Settings
| Setting | Description | Example |
|---|---|---|
| Storage Location | A unique name for this storage location in Cribl Lake. | azure-lake-byos |
| Description | An optional description for this storage location. | Azure Storage in Cribl Lake. |
| Resource Group Name | The name of the resource group that will contain the storage account. Resource groups are logical organization structures for containers. | azure-blobs |
| Storage Account Name | The storage account. | azure |
| Region | The location where you want to deploy the Azure Storage Account. | West US 2 |
| Tenant ID | The ID of your Microsoft Entra directory, which is a string of hyphen-separated numbers and letters. | aa1b23c4-5d67-890e-ab12-345c67de8906 See Microsoft’s documentation on How to Find your tenant ID. |
| Subscription ID | The ID associated with your subscription agreement with Microsoft to use their cloud services. | aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e See Microsoft’s documentation on How to find your Azure subscription. |
Authenticate the Storage Account Access
After you configure the initial settings, you will authorize Cribl.Cloud in your Microsoft account, then generate an ARM template that you can download. Finally, launch the template in the Azure Data Storage console to create your infrastructure-as-code.
- Select Authorize Cribl.Cloud to launch a new window and sign into your Microsoft account. This creates an enterprise application for your Cribl.Cloud organization in your Microsoft Azure account.
- Once consent is confirmed, select Generate ARM Template, which downloads a JSON file containing the required IAM policies and roles. This will automatically provide Cribl Lake with access when you upload the JSON file to the Azure Storage account.
About the ARM Template
When you create an Azure Storage Location in Cribl Lake, the system generates a customized Azure Resource Manager (ARM) template for your environment. Deploying this template in Azure is a required step in the Cribl Lake Azure BYOS onboarding flow.
To learn about the ARM template, the resources it creates, storage account configuration, role assignments, inventory policy, and detailed steps on deploying it, see BYOS Azure ARM Template Reference.
Deploy the Custom Template in Microsoft Azure
To deploy the template in Azure:
- In Microsoft Azure, navigate to Deploy a Custom Template.
- Select Build your own template in the editor.
- Select Load file and load the .
jsonARM template file you downloaded from Cribl. - Select the target Subscription and Resource Group.
- Confirm the template loaded in Azure properly, then select Save.
To deploy the template in the command line:
Azure CLI
az deployment group create \
--resource-group <your-resource-group> \
--template-file CriblLakeByosAzureArmTemplate.jsonPowerShell
New-AzResourceGroupDeployment `
-ResourceGroupName <your-resource-group> `
-TemplateFile CriblLakeByosAzureArmTemplate.jsonValidate and Save the Azure Storage Location
Return to Cribl and move to Step 3: Confirm Template Deployment.
- Check the box to tell Cribl that you’ve deployed the ARM template in Microsoft Azure.
- Select Save.
Cribl will validate the configuration and connection to your Azure Storage account. At this step, Cribl will display any missing permissions if they are present.
When the connection is successful, you’ll see the Tenant ID in the list of Storage Locations.
Supported Azure Regions
Each Azure Storage Location can map to a bucket in one of the following Azure regions:
- Japan East (
japaneast) - Southeast Asia (
southeastasia) - Australia East (
australiaeast) - Canada Central (
canadacentral) - Germany West Central (
germanywestcentral) - Switzerland North (
switzerlandnorth) - North Europe (
northeurope) - UK South (
uksouth) - France Central (
francecentral) - Brazil South (
brazilsouth) - East US (
eastus) - East US 2 (
eastus2) - West US 2 (
westus2)
FedRAMP Support
FedRAMP deployments of Cribl.Cloud can’t use Cribl Lake Azure storage locations.
Detach an Azure Storage Location
To detach this storage location:
- Remove any Datasets with connected Collectors and Destinations.
- Open the Storage Location and select Detach.
- Select the checkbox and type DETACH in the text field.
- Select Detach. Next, revoke Cribl access in Azure by following the steps in the Azure documentation: Delete an enterprise application.
- In Cribl, confirm you revoked access in Azure.
Next Steps
Now that you’ve successfully created an Azure Storage Location, you can attach a Dataset to it. See Connect Datasets to Storage Locations for details.