All Apps and Add-ons

How to ingest Event Hubs with Microsoft Cloud Services?

kristenvipps
Engager

Im using the Splunk Add-on for Microsoft Cloud Services, and I'm trying to ingest EHs.
We've setup th SP, and Enterprise app, created EHs. and configured account and inputs in addon

yyyy-dd-mm 11:36:20,813 level=INFO pid=18561 tid=MainThread logger=__main__ pos=mscs_azure_event_hub.py:_try_creating_blob_checkpoint_store:567 datainput="AzureEH" start_time= message="Blob checkpoint store not configured"
yyyy-dd-mm 11:36:14,786 level=INFO pid=18427 tid=MainThread logger=splunksdc.loop pos=loop.py:is_aborted:38 datainput="AzureEH" start_time= message="Loop has been aborted."
Labels (3)
0 Karma

mf182407
Explorer

thanks for the details on this thread

0 Karma

kristenvipps
Engager

Answering my own question. At was resolved with correct permission in azure

0 Karma

Azeemering
Builder

I encounter the exact same issue. What permissions do you exactly mean?

0 Karma

bahndg
Explorer

You require two permissions to ingest Event Hub through through Microsoft Cloud Services.

- Azure Service Management -> "user_impersonation"

- In Azure Portal -> Subscriptions -> Access control (IAM) -> Add role assignments -> Role: "Azure Event Hubs Data Receiver" -> User, group or service principal -> give this your app.

It has been documented meanwhile at https://docs.splunk.com/Documentation/AddOns/released/MSCloudServices/Configureeventhubs

h20
Engager

thanks for sharing this.  I updated the permissions and it seem to work.  I'm still getting the same error in the  "splunk_ta_microsoft_cloudservices_mscs_[azure_event_hub_azure-west-activity-logs.log]"

message="Blob checkpoint store not configured"

However, Azure Event Hub events are in the indexer and searchable.

0 Karma

zschmerber
Explorer

what Permission did you add to fix this ? 

0 Karma

joshuasolman
Loves-to-Learn Everything

What permissions was this? Event Hub Data Receiver? 

0 Karma
Get Updates on the Splunk Community!

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...

Observability protocols to know about

Observability protocols define the specifications or formats for collecting, encoding, transporting, and ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...