- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- No Date collected with Microsoft Azure Add-on vers...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I can't get any data from Azure . I understand that need to configure connection string and Event Hub name, but there is nothing show, even in internal index
- Paste the connection string from Step 1
- Paste the Event Hub name from Step 2
From the server side, I can see traffics are being exchanged, assumed the connectivity is good.
Is there anyway I can troubleshoot this issue to see what's going wrong?
# tcpdump -i any host hsbc-multi-shrd-01-euw-evhub-mon-01.servicebus.windows.net -t
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
IP gbl20060520.hc.cloud##########.35030 > 10.102.144.196.amqps: Flags [P.], seq 1506474280:1506474345, ack 958390525, win 340, length 65
IP gbl20060520.hc.cloud##########.35028 > 10.102.144.196.amqps: Flags [P.], seq 871485393:871485446, ack 2983679033, win 1027, length 53
IP 10.102.144.196.amqps > gbl20060520.hc.cloud##########.35032: Flags [P.], seq 2685114633:2685115149, ack 3374421201, win 2048, length 516
IP 10.102.144.196.amqps > gbl20060520.hc.cloud##########.35028: Flags [P.], seq 1:7589, ack 0, win 2048, length 7588
IP gbl20060520.hc.cloud##########.35028 > 10.102.144.196.amqps: Flags [.], ack 7589, win 1145, length 0
IP 10.102.144.196.amqps > gbl20060520.hc.cloud##########.35030: Flags [P.], seq 1:1962, ack 65, win 2048, length 1961
IP gbl20060520.hc.cloud##########.35030 > 10.102.144.196.amqps: Flags [.], ack 1962, win 370, length 0
IP 10.102.144.196.amqps > gbl20060520.hc.cloud##########.35030: Flags [P.], seq 1962:3630, ack 65, win 2048, length 1668
IP gbl20060520.hc.cloud##########.35030 > 10.102.144.196.amqps: Flags [.], ack 3630, win 397, length 0
IP 10.102.144.196.amqps > gbl20060520.hc.cloud##########.35030: Flags [P.], seq 3630:6891, ack 65, win 2048, length 3261
IP gbl20060520.hc.cloud##########.35030 > 10.102.144.196.amqps: Flags [.], ack 6891, win 447, length 0
Thanks,
Michael
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I found the issue. The adds on works fine, but I can't see them in HF because they have forwarded to index left no local data. I can see the logs on my indexer.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Did you install the addon in Heavy forwarder?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
did u check the connectivity?
where did u install the Add-on? is it in HF?
index=_internal source=*aad* did u check the internal logs?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Per the tcpdump results, I can see the traffics went through from server to Azure. The strange thing is there is nothing at index=_internal
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I found the issue. The adds on works fine, but I can't see them in HF because they have forwarded to index left no local data. I can see the logs on my indexer.
Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...
.conf24 | Registration Open!
ICYMI - Check out the latest releases of Splunk Edge Processor
