All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk Add-on for Microsoft Azure: Is there a reason Splunk keeps retrieving the same data from Azure?

mhazz19087
Engager
‎05-10-2016 02:09 PM

I currently have the Splunk Add-on for Microsoft Azure for Splunk installed, but have noticed that each time it polls, it only retrieves the same set of events repeatedly and has not retrieved any new events since its implementation. I followed the directions in the PDF that comes with the add-on. Any advice would be greatly appreciated!

Thank you!

0 Karma
Reply

danieltodorov
New Member
‎05-12-2016 02:49 AM

Hello i hit the same issue. The problem it appears because they use os.rename to save information in file, about what is the latest collected data, but in Windows this fails after the first collection. It fails because in windows os.rename can’t save the file if the destination exist.

You can check the Python Docs : https://docs.python.org/2/library/os.html

For a workaround i changed the Python script to check if file exist before the rename and if it's existing, the script delete it.

0 Karma
Reply

jconger
Splunk Employee
Splunk Employee
‎05-10-2016 02:57 PM

Which input are you using? Also, try running the following search:

index=_internal sourcetype=splunkd Azure*
0 Karma
Reply

mhazz19087
Engager
‎05-11-2016 07:53 AM

I am using the Azure Audit input.

When I run that search I get the following error:

ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\TA-Azure\bin\AzureAudit.py"" 2016-05-11 10:49:00,559 ERROR AzureAudit:410 - Error steaming data: [Error 183] Cannot create a file when that file already exists

There are also other licensing and metric entries too and they are all the same.

0 Karma
Reply

giorgio_adami_m
Path Finder
‎05-11-2016 08:25 AM

Take a look!
https://answers.splunk.com/answers/396835/splunk-add-on-for-microsoft-azure-azurewebsitediag.html

0 Karma
Reply

mhazz19087
Engager
‎05-12-2016 08:53 AM

I see what you're referencing, but I cannot locate the file that "already exists". I would prefer not to edit the script if necessary, especially as this isn't the exact same scenario. If I could locate this file I could rename it so that it could be recreated.

0 Karma
Reply

mhazz19087
Engager
‎05-11-2016 07:53 AM

And thank you for your time!

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...