I can't get any data from Azure. I understand that I need to configure the connection string and Event Hub name, but nothing shows, even in the internal index.
From the server side, I can see traffic is being exchanged, so I assumed the connectivity is good.
Is there any way I can troubleshoot this issue to see what's going wrong?
# tcpdump -i any host hsbc-multi-shrd-01-euw-evhub-mon-01.servicebus.windows.net -t
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
IP gbl20060520.hc.cloud##########.35030 > 10.102.144.196.amqps: Flags [P.], seq 1506474280:1506474345, ack 958390525, win 340, length 65
IP gbl20060520.hc.cloud##########.35028 > 10.102.144.196.amqps: Flags [P.], seq 871485393:871485446, ack 2983679033, win 1027, length 53
IP 10.102.144.196.amqps > gbl20060520.hc.cloud##########.35032: Flags [P.], seq 2685114633:2685115149, ack 3374421201, win 2048, length 516
IP 10.102.144.196.amqps > gbl20060520.hc.cloud##########.35028: Flags [P.], seq 1:7589, ack 0, win 2048, length 7588
IP gbl20060520.hc.cloud##########.35028 > 10.102.144.196.amqps: Flags [.], ack 7589, win 1145, length 0
IP 10.102.144.196.amqps > gbl20060520.hc.cloud##########.35030: Flags [P.], seq 1:1962, ack 65, win 2048, length 1961
IP gbl20060520.hc.cloud##########.35030 > 10.102.144.196.amqps: Flags [.], ack 1962, win 370, length 0
IP 10.102.144.196.amqps > gbl20060520.hc.cloud##########.35030: Flags [P.], seq 1962:3630, ack 65, win 2048, length 1668
IP gbl20060520.hc.cloud##########.35030 > 10.102.144.196.amqps: Flags [.], ack 3630, win 397, length 0
IP 10.102.144.196.amqps > gbl20060520.hc.cloud##########.35030: Flags [P.], seq 3630:6891, ack 65, win 2048, length 3261
IP gbl20060520.hc.cloud##########.35030 > 10.102.144.196.amqps: Flags [.], ack 6891, win 447, length 0
Thanks,
Michael
I found the issue. The add-on works fine, but I can't see them in the HF because they have been forwarded to the index, leaving no local data. I can see the logs on my indexer.
Did you install the add-on on the heavy forwarder?
Hi,
Did you check the connectivity?
Where did you install the add-on? Is it on the HF?
index=_internal source=*aad* Did you check the internal logs?
Per the tcpdump results, I can see the traffic went through from the server to Azure. The strange thing is there is nothing in index=_internal.