- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Azure Siginin logs are not ingested
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Azure Siginin logs are not ingested
Hi Team,
We are using version 1.1.0, From June3oth,noticed Azure_Signin logs are not being collected. Below is the ta log details. We even to deleted and re-added the configuration, Kindly assist.
2019-08-22 11:36:14,637 DEBUG pid=7831 tid=MainThread file=connectionpool.py:_new_conn:809 | Starting new HTTPS connection (1): graph.microsoft.com
2019-08-22 11:36:16,956 DEBUG pid=7831 tid=MainThread file=connectionpool.py:_make_request:400 | https://graph.microsoft.com:443 "GET /beta/auditLogs/signIns?$orderby=createdDateTime&$filter=createdDateTime+ge+2019-07-30T22%3a09%3a59.8512274Z&$skiptoken=f5970c446f59894f9d72c2a3e2705175_124000 HTTP/1.1" 200 None
2019-08-22 11:36:17,170 DEBUG pid=7831 tid=MainThread file=base_modinput.py:log_debug:286 | Next URL (@odata.nextLink): https://graph.microsoft.com/beta/auditLogs/signIns?$orderby=createdDateTime&$filter=createdDateTime+...
2019-08-22 11:36:17,172 DEBUG pid=7831 tid=MainThread file=connectionpool.py:_new_conn:809 | Starting new HTTPS connection (1): graph.microsoft.com
2019-08-22 11:36:19,719 DEBUG pid=7831 tid=MainThread file=connectionpool.py:_make_request:400 | https://graph.microsoft.com:443 "GET /beta/auditLogs/signIns?$orderby=createdDateTime&$filter=createdDateTime+ge+2019-07-30T22%3a09%3a59.8512274Z&$skiptoken=92c340710daf7f40e60c3550bd8233e7_125000 HTTP/1.1" 200 None
2019-08-22 11:36:19,938 DEBUG pid=7831 tid=MainThread file=base_modinput.py:log_debug:286 | Next URL (@odata.nextLink): https://graph.microsoft.com/beta/auditLogs/signIns?$orderby=createdDateTime&$filter=createdDateTime+...
2019-08-22 11:36:19,939 DEBUG pid=7831 tid=MainThread file=connectionpool.py:_new_conn:809 | Starting new HTTPS connection (1): graph.microsoft.com
2019-08-22 11:36:22,286 DEBUG pid=7831 tid=MainThread file=connectionpool.py:_make_request:400 | https://graph.microsoft.com:443 "GET /beta/auditLogs/signIns?$orderby=createdDateTime&$filter=createdDateTime+ge+2019-07-30T22%3a09%3a59.8512274Z&$skiptoken=17b14e4beabf347dd49018247b74f648_126000 HTTP/1.1" 200 None
2019-08-22 11:36:22,513 DEBUG pid=7831 tid=MainThread file=base_modinput.py:log_debug:286 | Next URL (@odata.nextLink): https://graph.microsoft.com/beta/auditLogs/signIns?$orderby=createdDateTime&$filter=createdDateTime+...
2019-08-22 11:36:22,516 DEBUG pid=7831 tid=MainThread file=connectionpool.py:_new_conn:809 | Starting new HTTPS connection (1): graph.microsoft.com
2019-08-22 11:36:24,854 DEBUG pid=7831 tid=MainThread file=connectionpool.py:_make_request:400 | https://graph.microsoft.com:443 "GET /beta/auditLogs/signIns?$orderby=createdDateTime&$filter=createdDateTime+ge+2019-07-30T22%3a09%3a59.8512274Z&$skiptoken=767e337c1b3b9e1e4bf6281eb82d2433_127000 HTTP/1.1" 200 None
2019-08-22 11:36:25,070 DEBUG pid=7831 tid=MainThread file=base_modinput.py:log_debug:286 | Next URL (@odata.nextLink): https://graph.microsoft.com/beta/auditLogs/signIns?$orderby=createdDateTime&$filter=createdDateTime+...
2019-08-22 11:36:25,072 DEBUG pid=7831 tid=MainThread file=connectionpool.py:_new_conn:809 | Starting new HTTPS connection (1): graph.microsoft.com
2019-08-22 11:36:27,411 DEBUG pid=7831 tid=MainThread file=connectionpool.py:_make_request:400 | https://graph.microsoft.com:443 "GET /beta/auditLogs/signIns?$orderby=createdDateTime&$filter=createdDateTime+ge+2019-07-30T22%3a09%3a59.8512274Z&$skiptoken=a1283295e7d3d2bfae9aac1574e02758_128000 HTTP/1.1" 200 None
2019-08-22 11:36:28,610 DEBUG pid=7831 tid=MainThread file=base_modinput.py:log_debug:286 | Next URL (@odata.nextLink): https://graph.microsoft.com/beta/auditLogs/signIns?$orderby=createdDateTime&$filter=createdDateTime+...
2019-08-22 11:36:28,611 DEBUG pid=7831 tid=MainThread file=connectionpool.py:_new_conn:809 | Starting new HTTPS connection (1): graph.microsoft.com
Thanks,
Subbu
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That app was just released version 2.0.0. Try to install this on a fresh heavy forwarder first before upgrading. While this app should upgrade just fine, I say a fresh machine in case you have other inputs. This new version has a ton of new features. So, test this out and then backup the older version first.
Here’s an easy way to test outside of Splunk:
• https://developer.microsoft.com/en-us/graph/graph-explorer
• Sign in
• Paste your URL without the skiptoken
o https://graph.microsoft.com/beta/auditLogs/signIns?$orderby=createdDateTime&$filter=createdDateTime+...
• Click Run Query
This output helped me find my permissions issue
But upgrade for sure to version 2.0.0
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Rick,
Here is the app details, Just now we upgraded the app as well, Still issue exists.
https://splunkbase.splunk.com/app/3757/
Thanks,
Subbu
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Which add-on are you using to collect the Azure logs?
If this reply helps you, Karma would be appreciated.
.conf24 | Registration Open!
ICYMI - Check out the latest releases of Splunk Edge Processor
Introducing the 2024 SplunkTrust!
