Are you a member of the Splunk Community?
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- Azure Monitor Error
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Azure Monitor Error
used the script to configure, but getting the following errors. Unsure what the offset in the system is referring to
06-13-2019 13:28:44.984 -0700 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/TA-Azure_Monitor/bin/azure_activity_log.sh" Modular input azure_activity_log://AzureMonitor1 ==> RX ERROR on hub: insights-operational-logs, err: AmqpProtocolError: com.microsoft:argument-error:The supplied offset '829016' is invalid. The last offset in the system is '233576' TrackingId:2cfd00bc-5236-4e7d-b2a8-371ecc53645d_B21, SystemTracker:spleh636959767003479956:eventhub:insights-operational-logs~32766, Timestamp:2019-06-13T20:28:44 Reference:0823f90e-3a79-426a-80e0-fc8b40ccad23, TrackingId:2e91892b-7ed2-406f-8303-ba7f13f2c921_B21, SystemTracker:spleh636959767003479956:eventhub:insights-operational-logs~32766|$default, Timestamp:2019-06-13T20:28:44 TrackingId:f8a9235c3c6246c7a37e2300c075f0f2_G15, SystemTracker:gateway5, Timestamp:2019-06-13T20:28:44
06-13-2019 13:28:46.197 -0700 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/TA-Azure_Monitor/bin/azure_diagnostic_logs.sh" /opt/splunk/etc/apps/TA-Azure_Monitor/bin/node_modules/amqp10/lib/frames.js:64
06-13-2019 13:28:46.197 -0700 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/TA-Azure_Monitor/bin/azure_diagnostic_logs.sh" stream.write(buffer, callback);
06-13-2019 13:28:46.197 -0700 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/TA-Azure_Monitor/bin/azure_diagnostic_logs.sh" ^
06-13-2019 13:28:46.197 -0700 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/TA-Azure_Monitor/bin/azure_diagnostic_logs.sh" TypeError: Cannot read property 'write' of null
06-13-2019 13:28:46.197 -0700 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/TA-Azure_Monitor/bin/azure_diagnostic_logs.sh" at Object.frames.writeFrame (/opt/splunk/etc/apps/TA-Azure_Monitor/bin/node_modules/amqp10/lib/frames.js:64:9)
06-13-2019 13:28:46.197 -0700 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/TA-Azure_Monitor/bin/azure_diagnostic_logs.sh" at Connection.sendFrame (/opt/splunk/etc/apps/TA-Azure_Monitor/bin/node_modules/amqp10/lib/connection.js:329:10)
06-13-2019 13:28:46.197 -0700 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/TA-Azure_Monitor/bin/azure_diagnostic_logs.sh" at ReceiverLink.Link.attach (/opt/splunk/etc/apps/TA-Azure_Monitor/bin/node_modules/amqp10/lib/link.js:152:27)
06-13-2019 13:28:46.197 -0700 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/TA-Azure_Monitor/bin/azure_diagnostic_logs.sh" at Timeout._onTimeout (/opt/splunk/etc/apps/TA-Azure_Monitor/bin/node_modules/amqp10/lib/link.js:270:12)
06-13-2019 13:28:46.197 -0700 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/TA-Azure_Monitor/bin/azure_diagnostic_logs.sh" at ontimeout (timers.js:386:11)
06-13-2019 13:28:46.197 -0700 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/TA-Azure_Monitor/bin/azure_diagnostic_logs.sh" at tryOnTimeout (timers.js:250:5)
06-13-2019 13:28:46.197 -0700 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/TA-Azure_Monitor/bin/azure_diagnostic_logs.sh" at Timer.listOnTimeout (timers.js:214:5)
Fun with Regular Expression - multiples of nine
[Live Demo] Watch SOC transformation in action with the reimagined Splunk Enterprise ...
What’s New & Next in Splunk SOAR
