All Apps and Add-ons

Event Hub input configured for Azure Monitor Add On for Splunk but no data being indexed

rachaelcrook89
Explorer

We've setup the Event hub input according to the instructions included in the app and are not getting data into the index. We are also not getting any errors in the internal logs. 

Here's what I do see in the internal logs. 

index=_internal host=<heavy forwarder> source=*hub*

2020-09-29 16:41:40,799 DEBUG pid=31407 tid=MainThread file=__init__.py:initialize:157 | Initializing platform.
2020-09-29 16:41:40,799 DEBUG pid=31407 tid=MainThread file=client.py:open:234 | Opening client connection.
2020-09-29 16:41:40,798 DEBUG pid=31407 tid=MainThread file=message.py:__init__:109 | Destroying 'AMQPValue'
2020-09-29 16:41:40,797 DEBUG pid=31407 tid=MainThread file=message.py:__init__:109 | Deallocating 'AMQPValue'
2020-09-29 16:41:40,797 INFO pid=31407 tid=MainThread file=client_abstract.py:__init__:161 | u'eventhub.pysdk-843ec71b': Created the Event Hub client
2020-09-29 16:41:40,797 INFO pid=31407 tid=MainThread file=setup_util.py:log_info:114 | Proxy is not enabled!
2020-09-29 16:41:40,797 DEBUG pid=31407 tid=MainThread file=base_modinput.py:log_debug:286 | _Splunk_ Getting proxy server.
2020-09-29 16:41:39,464 INFO pid=31407 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1
2020-09-29 16:41:38,196 INFO pid=31407 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1
2020-09-29 16:41:37,448 INFO pid=31407 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1
2020-09-29 16:41:36,413 INFO pid=31407 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1
2020-09-29 16:40:40,778 DEBUG pid=28651 tid=MainThread file=__init__.py:initialize:157 | Initializing platform.
2020-09-29 16:40:40,778 DEBUG pid=28651 tid=MainThread file=client.py:open:234 | Opening client connection.
2020-09-29 16:40:40,777 DEBUG pid=28651 tid=MainThread file=message.py:__init__:109 | Destroying 'AMQPValue'
2020-09-29 16:40:40,776 DEBUG pid=28651 tid=MainThread file=message.py:__init__:109 | Deallocating 'AMQPValue'
2020-09-29 16:40:40,776 INFO pid=28651 tid=MainThread file=client_abstract.py:__init__:161 | u'eventhub.pysdk-4adf6449': Created the Event Hub client
2020-09-29 16:40:40,776 INFO pid=28651 tid=MainThread file=setup_util.py:log_info:114 | Proxy is not enabled!
2020-09-29 16:40:40,776 DEBUG pid=28651 tid=MainThread file=base_modinput.py:log_debug:286 | _Splunk_ Getting proxy server.
2020-09-29 16:40:39,481 INFO pid=28651 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1
2020-09-29 16:40:38,240 INFO pid=28651 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1

 

@jconger  Any help is greatly appreciated!

Labels (2)
0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...