Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
All Apps and Add-ons
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Re: Splunk Add-on for Microsoft Azure: Why am I ge...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
kmanson
Path Finder
05-10-2016
12:06 PM
Getting an error when trying to read generic Azure Storage table logs. Even tried with the Start Date/Time blank and still get the error below. Any Ideas?
05-10-2016 18:49:42.195 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-Azure/bin/AzureStorageTable.py" Traceback (most recent call last):
05-10-2016 18:49:42.195 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-Azure/bin/AzureStorageTable.py" File "/opt/splunk/etc/apps/TA-Azure/bin/AzureStorageTable.py", line 426, in <module>
05-10-2016 18:49:42.195 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-Azure/bin/AzureStorageTable.py" do_run()
05-10-2016 18:49:42.195 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-Azure/bin/AzureStorageTable.py" File "/opt/splunk/etc/apps/TA-Azure/bin/AzureStorageTable.py", line 305, in do_run
05-10-2016 18:49:42.195 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-Azure/bin/AzureStorageTable.py" dateTimeStart = dateutil.parser.parse(marker)
05-10-2016 18:49:42.195 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-Azure/bin/AzureStorageTable.py" File "/opt/splunk/etc/apps/TA-Azure/bin/dateutil/parser.py", line 1008, in parse
05-10-2016 18:49:42.195 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-Azure/bin/AzureStorageTable.py" return DEFAULTPARSER.parse(timestr, **kwargs)
05-10-2016 18:49:42.195 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-Azure/bin/AzureStorageTable.py" File "/opt/splunk/etc/apps/TA-Azure/bin/dateutil/parser.py", line 395, in parse
05-10-2016 18:49:42.195 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-Azure/bin/AzureStorageTable.py" raise ValueError("Unknown string format")
05-10-2016 18:49:42.195 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-Azure/bin/AzureStorageTable.py" ValueError: Unknown string format
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
kmanson
Path Finder
05-27-2016
10:59 AM
From Jason Conger: Try clearing the checkpoint. To do this, stop the Splunk instance where the Azure add-on is running and type the following at the command line:
$SPLUNK_HOME/bin/splunk clean inputdata AzureStorageTable
This worked for me.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
kmanson
Path Finder
05-27-2016
10:59 AM
From Jason Conger: Try clearing the checkpoint. To do this, stop the Splunk instance where the Azure add-on is running and type the following at the command line:
$SPLUNK_HOME/bin/splunk clean inputdata AzureStorageTable
This worked for me.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
jconger
Splunk Employee
05-10-2016
12:33 PM
A new version (1.2.1) is available that should address this issue.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
kmanson
Path Finder
05-12-2016
09:48 AM
Why is it even getting to line 304 in AzureStorageTable.py? There is no marker but its logging that there is a marker.
if marker is not None:
# If we have a marker, then we just pick up there.
logging.debug("Marker found for table %s: %s" % (table_name, marker))
dateTimeStart = dateutil.parser.parse(marker)
ValueError: Unknown string format
raise ValueError("Unknown string format")
File "/opt/splunk/etc/apps/TA-Azure/bin/dateutil/parser.py", line 395, in parse
return DEFAULTPARSER.parse(timestr, **kwargs)
File "/opt/splunk/etc/apps/TA-Azure/bin/dateutil/parser.py", line 1008, in parse
dateTimeStart = dateutil.parser.parse(marker)
File "/opt/splunk/etc/apps/TA-Azure/bin/AzureStorageTable.py", line 307, in do_run
do_run()
File "/opt/splunk/etc/apps/TA-Azure/bin/AzureStorageTable.py", line 429, in <module>
Traceback (most recent call last):
AzureStorageTable:306 - Marker found for table WADWindowsEventLogsTable: None
AzureStorageTable:285 - Overriding dateTimeStart. New value = '2016-05-06 00:00:00'
AzureStorageTable:280 - dateTimeStart = '2016-05-10T12:31:03.393043'
AzureStorageTable:402 - XML: 'table_name' -> 'WADWindowsEventLogsTable'
AzureStorageTable:398 - XML: found param 'table_name'
AzureStorageTable:402 - XML: 'storage_account' -> 'REDACTED'
AzureStorageTable:398 - XML: found param 'storage_account'
AzureStorageTable:402 - XML: 'sourcetype' -> 'azure:storage:table'
AzureStorageTable:398 - XML: found param 'sourcetype'
AzureStorageTable:402 - XML: 'select_string' -> 'RawXml,Timestamp'
AzureStorageTable:398 - XML: found param 'select_string'
AzureStorageTable:402 - XML: 'pollingInterval' -> '60'
AzureStorageTable:398 - XML: found param 'pollingInterval'
AzureStorageTable:402 - XML: 'limit' -> '1000'
AzureStorageTable:398 - XML: found param 'limit'
AzureStorageTable:402 - XML: 'index' -> 'wineventlog'
AzureStorageTable:398 - XML: found param 'index'
AzureStorageTable:402 - XML: 'host' -> 'REDACTED'
AzureStorageTable:398 - XML: found param 'host'
AzureStorageTable:402 - XML: 'dateTimeStart' -> '2016-05-06'
AzureStorageTable:398 - XML: found param 'dateTimeStart'
AzureStorageTable:402 - XML: 'dateTimeColumn' -> 'Timestamp'
AzureStorageTable:398 - XML: found param 'dateTimeColumn'
AzureStorageTable:402 - XML: 'access_key' -> 'REDACTED'
AzureStorageTable:398 - XML: found param 'access_key'
AzureStorageTable:392 - XML: found stanza AzureStorageTable://REDACTED
AzureStorageTable:387 - XML: found configuration
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
kmanson
Path Finder
05-10-2016
01:24 PM
Humm, still having the same errors. Whats the correct format for the date? I tried blank and 20160509T191536Z.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
jconger
Splunk Employee
05-11-2016
08:04 AM
No date should work. But, 2016-05-09 should work as well.
Got questions? Get answers!
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Meet up IRL or virtually!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Get Updates on the Splunk Community!
[Puzzles] Solve, Learn, Repeat: Matching cron expressions
This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...
Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass
Hello Splunkers, We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...
May 2026 Splunk Expert Sessions: Security & Observability
Level Up Your Operations: May 2026 Splunk Expert Sessions
Whether you are refining your security posture or ...
