All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Error: read ECONNRESET

fredshino
Explorer
‎02-25-2019 06:53 AM

Connection reset looks like a networking issue to me but I checked our firewall logs and I don't see any denies on packets sent by our Splunk HF where the add-on is installed.

Can you give me any guidance on how to troubleshoot this?

02-25-2019 09:45:35.922 -0500 ERROR ExecProcessor - message from "/Data/splunk/etc/apps/TA-Azure_Monitor/bin/azure_activity_log.sh" Modular input azure_activity_log://***** Error getting event hub creds: RequestError: Error: read ECONNRESET
02-25-2019 09:46:35.855 -0500 ERROR ExecProcessor - message from "/Data/splunk/etc/apps/TA-Azure_Monitor/bin/azure_diagnostic_logs.sh" Modular input azure_diagnostic_logs://***** Diag Logs Error getting event hub creds: RequestError: Error: read ECONNRESET
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

fredshino
Explorer
‎04-10-2019 06:58 AM

I did. It was a firewall issue after all. I didn't see it in the firewall logs initially but after I talked to our networking team, they found some blocked packets going to the Key Vault. After we allowed those, we saw more traffic being blocked, now going to the Event Hub itself.

Basically, we had to add the following to the Firewall whitelist:

Dest: yourKeyVaultName.vault.azure.net
Service: TCP/443

Dest: yourEventhubName.servicebus.windows.net
Service: TCP/5671

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

fredshino
Explorer
‎04-10-2019 06:58 AM

I did. It was a firewall issue after all. I didn't see it in the firewall logs initially but after I talked to our networking team, they found some blocked packets going to the Key Vault. After we allowed those, we saw more traffic being blocked, now going to the Event Hub itself.

Basically, we had to add the following to the Firewall whitelist:

Dest: yourKeyVaultName.vault.azure.net
Service: TCP/443

Dest: yourEventhubName.servicebus.windows.net
Service: TCP/5671

0 Karma
Reply
Solved! Jump to solution

rmoss84
Explorer
‎04-10-2019 08:33 AM

Awesome. Looking at our traffic, we've got the same issue. Thank you for your answer. This should solve our problems as well.

0 Karma
Reply
Solved! Jump to solution

rmoss84
Explorer
‎04-10-2019 06:47 AM

Did you find a solution to this? I'm receiving the same error on my instance.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...