Re: How to troubleshoot why the Splunk Add-on for ...

gcyre · ‎05-10-2016

I recently installed the Splunk Add-on for Microsoft Azure, and from what I can see, the logs are not being imported. I'm trying to get logs from an Azure cloud service. I've verified there are trace logs in the table, but for some reason the add-on is not ingesting them

Is there any kind of troubleshooting I can do?

thanks
Garry

jconger · ‎05-10-2016

The add-on writes logs about itself to the special _internal index. Try the following search to look for errors/messages:

index=_internal sourcetype=splunkd Azure*

Also, a new version of the add-on was recently released that addressed a bug with the generic table collector. https://splunkbase.splunk.com/app/3084/

gcyre · ‎05-10-2016

thanks for the quick response...

When I run that query I get

05-10-2016 16:38:46.969 -0400 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-Azure/bin/AzureWebsiteDiagnostics.py" /export/splunk/etc/apps/TA-Azure/bin/requests/packages/urllib3/util/ssl_.py:120: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.

I've set up the data input as:
Data inputs » Azure Website Diagnostics »

What should be used for Site diagnostics container name? I have "wad-control-container"

thanks
Garry

How to troubleshoot why the Splunk Add-on for Microsoft Azure is not grabbing trace logs from an Azure cloud service?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases