All Apps and Add-ons

Microsoft Azure Add-On 3.0.0 - KeyError: Access_Token

Path Finder

We have had Microsoft Azure Add-On 3.0.0 installed and running successfully.

This was resolved, and a new Secret was generated in the Azure AD Portal, and configured into the Azure Add-On in Splunk. But we are getting an error, seems to be token related. Have tried deleting and recreating the input, but doesn't seem to matter. The only thing changed was creating the new secret in the portal and then configuring the app to use it. It was previously working OK until the old secret expired.

2021-04-08 10:59:07,307 ERROR pid=3520 tid=MainThread | Get error when collecting events.
Traceback (most recent call last):
File "/opt/splunk/etc/apps/TA-MS-AAD/bin/ta_ms_aad/aob_py3/modinput_wrapper/", line 128, in stream_events
File "/opt/splunk/etc/apps/TA-MS-AAD/bin/", line 84, in collect_events
input_module.collect_events(self, ew)
File "/opt/splunk/etc/apps/TA-MS-AAD/bin/", line 61, in collect_events
access_token = azauth.get_graph_access_token(client_id, client_secret, tenant_id, helper)
File "/opt/splunk/etc/apps/TA-MS-AAD/bin/ta_azure_utils/", line 18, in get_graph_access_token
raise e
File "/opt/splunk/etc/apps/TA-MS-AAD/bin/ta_azure_utils/", line 16, in get_graph_access_token
return _get_access_token(endpoint, helper, payload)
File "/opt/splunk/etc/apps/TA-MS-AAD/bin/ta_azure_utils/", line 39, in _get_access_token
raise e
File "/opt/splunk/etc/apps/TA-MS-AAD/bin/ta_azure_utils/", line 37, in _get_access_token
return response['access_token']
KeyError: 'access_token'

Labels (1)
0 Karma

Path Finder

It looks like we were missing some permissions (needed both Directory.Read.All and AuditLog.Read.All) but that only resolved not getting the audit logs. Sign-in logs are still a no-show, but looks like the error is now due to API query limits being hit:

HTTPError: 429 Client Error: Too Many Requests for url:$orderby=activityDateTime&$filter=activit...

0 Karma
Get Updates on the Splunk Community!

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...

Security Highlights | January 2023 Newsletter

January 2023 Splunk Security Essentials (SSE) 3.7.0 ReleaseThe free Splunk Security Essentials (SSE) 3.7.0 app ...