Hi,
I recently took over our instance from a colleague that left and I am stuck on this error whenever I reboot the Splunk server where the TA is installed:
Invalid key in stanza [MS_AAD_signins://AzureADSignins] in /data/splunk/etc/apps/TA-MS-AAD/local/inputs.conf, line 4: max_records (value: XX).
Invalid key in stanza [MS_AAD_signins://AzureADSignins] in /data/splunk/etc/apps/TA-MS-AAD/local/inputs.conf, line 6: tenant_domain (value: XXXXXX).
Invalid key in stanza [MS_AAD_signins://AzureADSignins] in /data/splunk/etc/apps/TA-MS-AAD/local/inputs.conf, line 7: client_id (value: XXXXXXX).
Invalid key in stanza [MS_AAD_signins://AzureADSignins] in /data/splunk/etc/apps/TA-MS-AAD/local/inputs.conf, line 8: client_secret (value: XXXXXXX).
Invalid key in stanza [MS_AAD_audit://AzureADAudit] in /data/splunk/etc/apps/TA-MS-AAD/local/inputs.conf, line 18: max_records (value: XX).
Invalid key in stanza [MS_AAD_audit://AzureADAudit] in /data/splunk/etc/apps/TA-MS-AAD/local/inputs.conf, line 20: tenant_domain (value: XXXXXXX).
Invalid key in stanza [MS_AAD_audit://AzureADAudit] in /data/splunk/etc/apps/TA-MS-AAD/local/inputs.conf, line 21: client_id (value: XXXXXXXX).
Invalid key in stanza [MS_AAD_audit://AzureADAudit] in /data/splunk/etc/apps/TA-MS-AAD/local/inputs.conf, line 22: client_secret (value: XXXX).
Invalid key in stanza [additional_parameters] in /data/splunk/etc/apps/TA-MS-AAD/local/ta_ms_aad_settings.conf, line 2: client_id (value: XXX).
Invalid key in stanza [additional_parameters] in /data/splunk/etc/apps/TA-MS-AAD/local/ta_ms_aad_settings.conf, line 3: client_secret (value: XXX).
Looking at the internal error log for this TA, I get <stderr> Introspecting scheme=azure_virtual_network: File "/data/splunk/etc/apps/TA-MS-AAD/bin/ta_ms_aad_declare.py", line 10, in <module> Looking at the file, line 10 is the "import re" line
Not too sure where to go from here or if the 2 are linked. Any help would be appreciated.
Thanks!