- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Microsoft Azure Add on for Splunk no longer pullin...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Logs have been working fine until this week, now I get the error:
ERROR pid=15289 tid=MainThread file=base_modinput.py:log_error:307 | _Splunk_ Error getting event hub data for hub: insights-logs-signinlogs, resource: 3. Detail: The service was unable to process the request; please retry the operation. For more information on exception types and proper exception handling, please refer to http://go.microsoft.com/fwlink/?LinkId=761101 TrackingId:abe05384f2aa4f528eaad64feccc1e53_G8, SystemTracker:gateway5, Timestamp:
ErrorCodes.InternalServerError: The service was unable to process the request; please retry the operation. For more information on exception types and proper exception handling, please refer to http://go.microsoft.com/fwlink/?LinkId=761101 TrackingId:abe05384f2aa4f528eaad64feccc1e53_G8, SystemTracker:gateway5, Timestamp:
Also seeing these errors around the same time:
ERROR pid=48797 tid=MainThread file=base_modinput.py:log_error:307 | _Splunk_ Error getting event hub data for hub: insights-logs-auditlogs, resource: 2. Detail: ('Connection aborted.', BadStatusLine("''",))This is happening for multiple hubs?
Azure App v2.1.0
Spunk v7.3.3
@jconger !
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Found the solution, the number of eventhub events had increased and the default settings for the Microsoft Azure Add-on App were no longer able to keep up.
I increased the setting for "Max batch Set Iterations" from 100 to 1000.
I then checked the eps for this source and saw a 50% increase. After a few days, the logs finally caught up and we are now pulling logs in a timely manner.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Found the solution, the number of eventhub events had increased and the default settings for the Microsoft Azure Add-on App were no longer able to keep up.
I increased the setting for "Max batch Set Iterations" from 100 to 1000.
I then checked the eps for this source and saw a 50% increase. After a few days, the logs finally caught up and we are now pulling logs in a timely manner.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi junsi,
We are facing the same issue in one project with that particular TA. Which is the file where you modified that parameter? Thanks in advance.
Best regards.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can get to the setting within the App.
Simply click on the INPUTS tab, then select your (EventHub) input.
Click EDIT.
The Max Batch settings are at the bottom of the window!
Announcing Scheduled Export GA for Dashboard Studio
Extending Observability Content to Splunk Cloud
More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!
