i was happy to finally see the Event Hub input in the add-on. But my bubble was quickly popped. I've configured the input for an event hub and there isn't any data ingesting. Viewing the debug log, the input only shows executing the proxy configuration which is successful. I do not see any attempt to query the hub, Any suggestions?
Do you see anything in _internal for the add-on using the following search?
index=_internal sourcetype="ta:ms:aad:log" source=*hub*
Do you see anything in _internal for the add-on using the following search?
index=_internal sourcetype="ta:ms:aad:log" source=*hub*
What i am seeing is
2019-10-15 18:54:47,034 ERROR pid=61165 tid=MainThread file=mgmt_operation.py:on_complete:118 | Failed to complete mgmt operation.
Status code: 404
Message: "The messaging entity 'eventhub' could not be found."
Which is the hub name. Looking at the input, i'm confused as to what share connection string I should use. I am using the shared connection string in Azure for the event hub it self. I am use to using the tennant ID, Subscription, App and Secret for permissions of other Azure Splunk inputs.
This is the connection string that I am using:
Endpoint=sb://'eventhub'.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey='secrect'
ok, i found my issue. i was using the event hub namespace and not the hub name.
I think I may have found the answer:
Platforms: Unbuntu or Darwin for Event Hubs. All other inputs are platform independent. Can anyone verify?
Yes, Ubuntu and Darwin are the only currently supported platforms for Event Hub due to some pre-compiled C code needed. What platform are you on?
Running on Red Hat Enterprise
I just tested on Red Hat Enterprise 7.7 and it worked. Do you see anything in the error logs?
I do.. Let me look at the configuration of the input. I will let you know. Thanks!