All Apps and Add-ons

Splunk Add-on for Microsoft Cloud Services: NO Azure Audit logs.

Mkat1
New Member

Hi,
I created Azure Audit input. I have no logs when I open 'Search tab' and search for logs by index(specified when creating Audit input).
User which I use in 'Azure App Account' is Global administrator in azure.

What I'm doing wrong?

0 Karma

martaBenedetti
Path Finder

Hi,

I have the same issue: have you ever solved the problem?

 

Thanks

Marta

0 Karma

Bloodnite
Path Finder

I had to have our Azure admin enter his creds while remoted into my pc when I was setting up the app's configs/API integrations when it prompted to sign in after setting the API key etc for the app to use.

0 Karma

milshtyn
New Member

I basically have the same issue, but I do know it's a permissions issue. My splunk logs show this error:
APIError: "status=403, error_code=AuthorizationFailed, error_msg=The client 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx1133' with object id ''xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx1133' does not have authorization to perform action 'microsoft.insights/eventtypes/values/read' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx12f4'."

I thought I configured everything correctly, but it's not pulling it. I use the same Active Directory Application in Azure AD for pulling Office 365 Management API Inputs and that works fine.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Using the Splunk Threat Research Team’s Latest Security Content

REGISTER HERE Tech Talk | Security Edition Did you know the Splunk Threat Research Team regularly releases ...

SplunkTrust | 2024 SplunkTrust Application Period is Open!

It's that time again, folks! That's right, the application/nomination period for the 2024 SplunkTrust is ...