
Azure Sign-in logs are not ingested

subbarayudu
New Member

Hi Team,

We are using version 1.1.0. Since June 30th, we have noticed that Azure_Signin logs are not being collected. Below are the TA log details. We even deleted and re-added the configuration. Kindly assist.

2019-08-22 11:36:14,637 DEBUG pid=7831 tid=MainThread file=connectionpool.py:_new_conn:809 | Starting new HTTPS connection (1): graph.microsoft.com
2019-08-22 11:36:16,956 DEBUG pid=7831 tid=MainThread file=connectionpool.py:_make_request:400 | https://graph.microsoft.com:443 "GET /beta/auditLogs/signIns?$orderby=createdDateTime&$filter=createdDateTime+ge+2019-07-30T22%3a09%3a59.8512274Z&$skiptoken=f5970c446f59894f9d72c2a3e2705175_124000 HTTP/1.1" 200 None
2019-08-22 11:36:17,170 DEBUG pid=7831 tid=MainThread file=base_modinput.py:log_debug:286 | Next URL (@odata.nextLink): https://graph.microsoft.com/beta/auditLogs/signIns?$orderby=createdDateTime&$filter=createdDateTime+...
2019-08-22 11:36:17,172 DEBUG pid=7831 tid=MainThread file=connectionpool.py:_new_conn:809 | Starting new HTTPS connection (1): graph.microsoft.com
2019-08-22 11:36:19,719 DEBUG pid=7831 tid=MainThread file=connectionpool.py:_make_request:400 | https://graph.microsoft.com:443 "GET /beta/auditLogs/signIns?$orderby=createdDateTime&$filter=createdDateTime+ge+2019-07-30T22%3a09%3a59.8512274Z&$skiptoken=92c340710daf7f40e60c3550bd8233e7_125000 HTTP/1.1" 200 None
2019-08-22 11:36:19,938 DEBUG pid=7831 tid=MainThread file=base_modinput.py:log_debug:286 | Next URL (@odata.nextLink): https://graph.microsoft.com/beta/auditLogs/signIns?$orderby=createdDateTime&$filter=createdDateTime+...
2019-08-22 11:36:19,939 DEBUG pid=7831 tid=MainThread file=connectionpool.py:_new_conn:809 | Starting new HTTPS connection (1): graph.microsoft.com
2019-08-22 11:36:22,286 DEBUG pid=7831 tid=MainThread file=connectionpool.py:_make_request:400 | https://graph.microsoft.com:443 "GET /beta/auditLogs/signIns?$orderby=createdDateTime&$filter=createdDateTime+ge+2019-07-30T22%3a09%3a59.8512274Z&$skiptoken=17b14e4beabf347dd49018247b74f648_126000 HTTP/1.1" 200 None
2019-08-22 11:36:22,513 DEBUG pid=7831 tid=MainThread file=base_modinput.py:log_debug:286 | Next URL (@odata.nextLink): https://graph.microsoft.com/beta/auditLogs/signIns?$orderby=createdDateTime&$filter=createdDateTime+...
2019-08-22 11:36:22,516 DEBUG pid=7831 tid=MainThread file=connectionpool.py:_new_conn:809 | Starting new HTTPS connection (1): graph.microsoft.com
2019-08-22 11:36:24,854 DEBUG pid=7831 tid=MainThread file=connectionpool.py:_make_request:400 | https://graph.microsoft.com:443 "GET /beta/auditLogs/signIns?$orderby=createdDateTime&$filter=createdDateTime+ge+2019-07-30T22%3a09%3a59.8512274Z&$skiptoken=767e337c1b3b9e1e4bf6281eb82d2433_127000 HTTP/1.1" 200 None
2019-08-22 11:36:25,070 DEBUG pid=7831 tid=MainThread file=base_modinput.py:log_debug:286 | Next URL (@odata.nextLink): https://graph.microsoft.com/beta/auditLogs/signIns?$orderby=createdDateTime&$filter=createdDateTime+...
2019-08-22 11:36:25,072 DEBUG pid=7831 tid=MainThread file=connectionpool.py:_new_conn:809 | Starting new HTTPS connection (1): graph.microsoft.com
2019-08-22 11:36:27,411 DEBUG pid=7831 tid=MainThread file=connectionpool.py:_make_request:400 | https://graph.microsoft.com:443 "GET /beta/auditLogs/signIns?$orderby=createdDateTime&$filter=createdDateTime+ge+2019-07-30T22%3a09%3a59.8512274Z&$skiptoken=a1283295e7d3d2bfae9aac1574e02758_128000 HTTP/1.1" 200 None
2019-08-22 11:36:28,610 DEBUG pid=7831 tid=MainThread file=base_modinput.py:log_debug:286 | Next URL (@odata.nextLink): https://graph.microsoft.com/beta/auditLogs/signIns?$orderby=createdDateTime&$filter=createdDateTime+...
2019-08-22 11:36:28,611 DEBUG pid=7831 tid=MainThread file=connectionpool.py:_new_conn:809 | Starting new HTTPS connection (1): graph.microsoft.com

Thanks,
Subbu

0 Karma

jaxjohnny2000
Builder

Version 2.0.0 of that app was just released. Try to install this on a fresh heavy forwarder first before upgrading. While this app should upgrade just fine, I say a fresh machine in case you have other inputs. This new version has a ton of new features. So, test this out and then back up the older version first.

Here’s an easy way to test outside of Splunk:

https://developer.microsoft.com/en-us/graph/graph-explorer
• Sign in
• Paste your URL without the skiptoken
o https://graph.microsoft.com/beta/auditLogs/signIns?$orderby=createdDateTime&$filter=createdDateTime+...
• Click Run Query

This output helped me find my permissions issue.

But upgrade for sure to version 2.0.0.

0 Karma
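An added example, not part of the original posts or the add-on's own code: it parses request lines in the log format posted in the question, reports whether paging is advancing, and rebuilds the query without the skiptoken as the reply above suggests for Graph Explorer. The sample lines are constructed (placeholder tokens, rounded timestamps), and reading the digits after "_" in the token as a running offset is an assumption.

```python
import re
from datetime import datetime
from urllib.parse import parse_qsl, urlencode, urlsplit

# Constructed sample in the thread's log format; skiptoken values are placeholders.
_P = "DEBUG pid=7831 tid=MainThread file=connectionpool.py:"
_Q = "/beta/auditLogs/signIns?$orderby=createdDateTime&$filter=createdDateTime+ge+2019-07-30T22%3a09%3a59.8512274Z"
_G = "https://graph.microsoft.com:443"
SAMPLE_LOG = "\n".join([
    f'2019-08-22 11:36:16,000 {_P}_make_request:400 | {_G} "GET {_Q}&$skiptoken=TOKEN1_124000 HTTP/1.1" 200 None',
    f"2019-08-22 11:36:16,200 {_P}_new_conn:809 | Starting new HTTPS connection (1): graph.microsoft.com",
    f'2019-08-22 11:36:18,500 {_P}_make_request:400 | {_G} "GET {_Q}&$skiptoken=TOKEN2_125000 HTTP/1.1" 200 None',
    f'2019-08-22 11:36:21,000 {_P}_make_request:400 | {_G} "GET {_Q}&$skiptoken=TOKEN3_126000 HTTP/1.1" 200 None',
])

REQ = re.compile(r'^(?P<ts>\S+ \S+) DEBUG .*\| https://(?P<host>[^:\s]+):443 '
                 r'"GET (?P<path>\S+) HTTP/1\.1" (?P<status>\d{3})')

def parse_requests(log_text):
    """Return one dict per logged Graph GET: timestamp, host, path, status, params."""
    reqs = []
    for line in log_text.splitlines():
        m = REQ.match(line)
        if m:  # skips "Starting new HTTPS connection" and "Next URL" lines
            url = urlsplit(m["path"])
            reqs.append({"ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f"),
                         "host": m["host"], "path": url.path,
                         "status": int(m["status"]), "params": dict(parse_qsl(url.query))})
    return reqs

def summarize(reqs):
    """Report whether paging advances. Assumption (heuristic): the digits after
    '_' in $skiptoken are a running offset; the page does not specify the format."""
    offs = [int(m.group(1)) for r in reqs
            if (m := re.search(r"_(\d+)$", r["params"].get("$skiptoken", "")))]
    gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(reqs, reqs[1:])]
    return {"filter": reqs[0]["params"].get("$filter"),
            "statuses": sorted({r["status"] for r in reqs}), "offsets": offs,
            "advancing": all(b > a for a, b in zip(offs, offs[1:])),
            "sec_per_page": sum(gaps) / len(gaps) if gaps else None}

def explorer_url(req):
    """Rebuild the logged query without $skiptoken, ready to paste into Graph Explorer."""
    keep = [(k, v) for k, v in req["params"].items() if k != "$skiptoken"]
    return f"https://{req['host']}{req['path']}?" + urlencode(keep, safe="$:")

if __name__ == "__main__":
    print(summarize(parse_requests(SAMPLE_LOG)))
```

Steadily increasing offsets with only 200 responses mean the input is still paging from the start time in the filter, not failing to authenticate.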

subbarayudu
New Member

Hi Rick,

Here are the app details. We upgraded the app just now as well. The issue still exists.

https://splunkbase.splunk.com/app/3757/

Thanks,
Subbu

0 Karma

richgalloway
SplunkTrust

Which add-on are you using to collect the Azure logs?

---
If this reply helps you, Karma would be appreciated.
0 Karma