Join the Conversation
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Re: Error getting event hub creds: StatusCodeError...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Error getting event hub creds: StatusCodeError: 403
We have enabled the firewall for the subnet. What is OID?
08-26-2019 19:31:25.922 +0000 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/TA-Azure_Monitor/bin/azure_activity_log.sh" Modular input azure_activity_log://SV Activity Log Error getting event hub creds: StatusCodeError: 403 - {"error":{"code":"Forbidden","message":"Client address is not authorized and caller is not a trusted service.\r\nClient address: 10.XX.8.XX from unknown network\r\nCaller: appid=XXXX-XXXX-XXXX-XXXX-XXXXXXX;oid=xxxx-3xx441-4c42-bd0a-90a8xxxxxxx8;iss=https://sts.windows.net/xxxx-xx-47f3-xx-791axxxxx85c/\r\nVault: PRD-KV;location=eastus","innererror":{"code":"ForbiddenByFirewall"}}}
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I switched from the Azure Activity log data input to the Azure Event hub input. This did not help either
2019-09-09 13:17:41,649 ERROR pid=102749 tid=MainThread file=base_modinput.py:log_error:307 | Get error when collecting events.
Traceback (most recent call last):
File "/opt/splunk/etc/apps/TA-azure-event-hubs-log-integrator/bin/ta_azure_event_hubs_log_integrator/modinput_wrapper/base_modinput.py", line 127, in stream_events
self.collect_events(ew)
File "/opt/splunk/etc/apps/TA-azure-event-hubs-log-integrator/bin/azure_event_hubs.py", line 72, in collect_events
input_module.collect_events(self, ew)
File "/opt/splunk/etc/apps/TA-azure-event-hubs-log-integrator/bin/input_module_azure_event_hubs.py", line 24, in collect_events
generator = block_blob_service.list_blobs(opt_container)
File "/opt/splunk/etc/apps/TA-azure-event-hubs-log-integrator/bin/ta_azure_event_hubs_log_integrator/azure/storage/blob/baseblobservice.py", line 1177, in list_blobs
resp = self._list_blobs(*args, **kwargs)
File "/opt/splunk/etc/apps/TA-azure-event-hubs-log-integrator/bin/ta_azure_event_hubs_log_integrator/azure/storage/blob/baseblobservice.py", line 1247, in _list_blobs
response = self._perform_request(request)
File "/opt/splunk/etc/apps/TA-azure-event-hubs-log-integrator/bin/ta_azure_event_hubs_log_integrator/azure/storage/storageclient.py", line 195, in _perform_request
_storage_error_handler(HTTPError(response.status, response.message, response.headers, response.body))
File "/opt/splunk/etc/apps/TA-azure-event-hubs-log-integrator/bin/ta_azure_event_hubs_log_integrator/azure/storage/_serialization.py", line 125, in _storage_error_handler
return _general_error_handler(http_error)
File "/opt/splunk/etc/apps/TA-azure-event-hubs-log-integrator/bin/ta_azure_event_hubs_log_integrator/azure/storage/_error.py", line 74, in _general_error_handler
raise AzureHttpError(message, http_error.status)
AzureHttpError: This request is not authorized to perform this operation.
AuthorizationFailureThis request is not authorized to perform this operation.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Network to App: Observability Unlocked [May & June Series]
SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...
[Puzzles] Solve, Learn, Repeat: Matching cron expressions
