- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Re: How to ingest Event Hubs with Microsoft Cloud ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to ingest Event Hubs with Microsoft Cloud Services?
Im using the Splunk Add-on for Microsoft Cloud Services, and I'm trying to ingest EHs.
We've setup th SP, and Enterprise app, created EHs. and configured account and inputs in addon
yyyy-dd-mm 11:36:20,813 level=INFO pid=18561 tid=MainThread logger=__main__ pos=mscs_azure_event_hub.py:_try_creating_blob_checkpoint_store:567 datainput="AzureEH" start_time= message="Blob checkpoint store not configured"
yyyy-dd-mm 11:36:14,786 level=INFO pid=18427 tid=MainThread logger=splunksdc.loop pos=loop.py:is_aborted:38 datainput="AzureEH" start_time= message="Loop has been aborted."- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
thanks for the details on this thread
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Answering my own question. At was resolved with correct permission in azure
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I encounter the exact same issue. What permissions do you exactly mean?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You require two permissions to ingest Event Hub through through Microsoft Cloud Services.
- Azure Service Management -> "user_impersonation"
- In Azure Portal -> Subscriptions -> Access control (IAM) -> Add role assignments -> Role: "Azure Event Hubs Data Receiver" -> User, group or service principal -> give this your app.
It has been documented meanwhile at https://docs.splunk.com/Documentation/AddOns/released/MSCloudServices/Configureeventhubs
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
thanks for sharing this. I updated the permissions and it seem to work. I'm still getting the same error in the "splunk_ta_microsoft_cloudservices_mscs_[azure_event_hub_azure-west-activity-logs.log]"
message="Blob checkpoint store not configured"
However, Azure Event Hub events are in the indexer and searchable.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
what Permission did you add to fix this ?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What permissions was this? Event Hub Data Receiver?
Routing logs with Splunk OTel Collector for Kubernetes
Welcome to the Splunk Community!
Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM
