Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
All Apps and Add-ons
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- Large amount of erorrs in Microsft Azure-Add on fo...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ajiwanand
Path Finder
07-30-2020
05:00 PM
I'll start out by saying the collection of logs from eventhub via this add-on works fine. I am seeing events in the azure index and they seem to be coming in just fine, however there is a significant amount of errors in splunkd.log around the TA-MS-AAD app.
Errors:
07-30-2020 20:22:39.836 +0000 ERROR ExecProcessor - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/TA-MS-AAD/bin/azure_event_hub.py" File "/opt/splunk/etc/apps/TA-MS-AAD/bin/uamqp/async_ops/client_async.py", line 835, in _client_run_async
07-30-2020 20:22:39.836 +0000 ERROR ExecProcessor - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/TA-MS-AAD/bin/azure_event_hub.py" await self._connection.work_async()
07-30-2020 20:22:39.836 +0000 ERROR ExecProcessor - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/TA-MS-AAD/bin/azure_event_hub.py" File "/opt/splunk/etc/apps/TA-MS-AAD/bin/uamqp/async_ops/connection_async.py", line 139, in work_async
07-30-2020 20:22:39.836 +0000 ERROR ExecProcessor - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/TA-MS-AAD/bin/azure_event_hub.py" self._conn.do_work()
07-30-2020 20:22:39.836 +0000 ERROR ExecProcessor - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/TA-MS-AAD/bin/azure_event_hub.py" File "/opt/splunk/etc/apps/TA-MS-AAD/bin/uamqp/receiver.py", line 239, in _message_received
07-30-2020 20:22:39.836 +0000 ERROR ExecProcessor - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/TA-MS-AAD/bin/azure_event_hub.py" delivery_no=message_number)
07-30-2020 20:22:39.836 +0000 ERROR ExecProcessor - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/TA-MS-AAD/bin/azure_event_hub.py" File "/opt/splunk/etc/apps/TA-MS-AAD/bin/uamqp/message.py", line 99, in __init__
07-30-2020 20:22:39.836 +0000 ERROR ExecProcessor - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/TA-MS-AAD/bin/azure_event_hub.py" self._parse_message_body(message)
07-30-2020 20:22:39.836 +0000 ERROR ExecProcessor - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/TA-MS-AAD/bin/azure_event_hub.py" Message: 'Deallocating %r'
07-30-2020 20:22:39.836 +0000 ERROR ExecProcessor - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/TA-MS-AAD/bin/azure_event_hub.py" Arguments: ('ArrayValue',)
07-30-2020 20:22:39.836 +0000 ERROR ExecProcessor - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/TA-MS-AAD/bin/azure_event_hub.py" --- Logging error ---
07-30-2020 20:22:39.836 +0000 ERROR ExecProcessor - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/TA-MS-AAD/bin/azure_event_hub.py" Traceback (most recent call last):
07-30-2020 20:22:39.836 +0000 ERROR ExecProcessor - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/TA-MS-AAD/bin/azure_event_hub.py" File "/opt/splunk/lib/python3.7/logging/handlers.py", line 69, in emit
07-30-2020 20:22:39.836 +0000 ERROR ExecProcessor - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/TA-MS-AAD/bin/azure_event_hub.py" if self.shouldRollover(record):
07-30-2020 20:22:39.836 +0000 ERROR ExecProcessor - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/TA-MS-AAD/bin/azure_event_hub.py" File "/opt/splunk/lib/python3.7/logging/handlers.py", line 186, in shouldRollover
07-30-2020 20:22:39.836 +0000 ERROR ExecProcessor - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/TA-MS-AAD/bin/azure_event_hub.py" self.stream.seek(0, 2) #due to non-posix-compliant Windows feature
07-30-2020 20:22:39.836 +0000 ERROR ExecProcessor - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/TA-MS-AAD/bin/azure_event_hub.py" RuntimeError: reentrant call inside <_io.BufferedWriter name='/opt/splunk/var/log/splunk/ta_ms_aad_azure_event_hub.log'>
07-30-2020 20:22:39.836 +0000 ERROR ExecProcessor - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/TA-MS-AAD/bin/azure_event_hub.py" Call stack:
07-30-2020 20:22:39.836 +0000 ERROR ExecProcessor - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/TA-MS-AAD/bin/azure_event_hub.py" File "/opt/splunk/etc/apps/TA-MS-AAD/bin/azure_event_hub.py", line 4, in <module>
07-30-2020 20:22:39.836 +0000 ERROR ExecProcessor - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/TA-MS-AAD/bin/azure_event_hub.py" import azure_event_hub_core
I can't really pin-point what the errors may be, but this is driving up the amount of logs we're ingesting significantly, up to the point where its actually affecting out licenses.
Any idea?
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ajiwanand
Path Finder
07-30-2020
06:01 PM
really, interesting then i guess i need to do more investigation into why we're having licensing errors.
Also, after digging more into this i believe the issue was simply having the logs set to DEBUG for the Microsoft Azure Add-on for Splunk. Simply changing this to WARNING, removed these errors. I guess this App implements the splunk logging module incorrectly, but it doesnt seem to affect ingested events.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
richgalloway
SplunkTrust
07-30-2020
05:31 PM
I don't have a solution, but splunkd.log does not count against your license.
---
If this reply helps you, Karma would be appreciated.
If this reply helps you, Karma would be appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ajiwanand
Path Finder
07-30-2020
06:01 PM
really, interesting then i guess i need to do more investigation into why we're having licensing errors.
Also, after digging more into this i believe the issue was simply having the logs set to DEBUG for the Microsoft Azure Add-on for Splunk. Simply changing this to WARNING, removed these errors. I guess this App implements the splunk logging module incorrectly, but it doesnt seem to affect ingested events.
Get Updates on the Splunk Community!
Splunk Observability for AI
Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!
Discover how Splunk’s agentic AI ...
[Puzzles] Solve, Learn, Repeat: Dereferencing XML to Fixed-length events
This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...
Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!
What are Community Office Hours?
Community Office Hours is an interactive 60-minute Zoom series where ...
