Im using ver 4.1.5 of the cloud services Add-on on my HF Splunk ver 8.0.9.
I've configured an Azure App Account in the App and a input for collecting Azure Devops Audit data. But im not getting any logs in to Splunk. Im getting below warning message in "splunk_ta_microsoft_cloudservices_mscs_azure_event_hub_AzureDevopsAudit.log"
I've heard of this before, and it was an issue with the "Firewalls and virtual networks" settings in the Networking section on the event hub namespace. The settings were blocking the incoming connection from the Splunk add-on. After allowing the IP address (or CIDR) of the Splunk forwarder, data started coming in.