Splunk Add-on for Microsoft Cloud Services: NO Az...

Mkat1 · ‎04-24-2017

Hi,
I created Azure Audit input. I have no logs when I open 'Search tab' and search for logs by index(specified when creating Audit input).
User which I use in 'Azure App Account' is Global administrator in azure.

What I'm doing wrong?

martaBenedetti · ‎10-25-2022

Hi,

I have the same issue: have you ever solved the problem?

Thanks

Marta

Bloodnite · ‎11-08-2017

I had to have our Azure admin enter his creds while remoted into my pc when I was setting up the app's configs/API integrations when it prompted to sign in after setting the API key etc for the app to use.

milshtyn · ‎10-06-2017

I basically have the same issue, but I do know it's a permissions issue. My splunk logs show this error:
APIError: "status=403, error_code=AuthorizationFailed, error_msg=The client 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx1133' with object id ''xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx1133' does not have authorization to perform action 'microsoft.insights/eventtypes/values/read' over scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx12f4'."

I thought I configured everything correctly, but it's not pulling it. I use the same Active Directory Application in Azure AD for pulling Office 365 Management API Inputs and that works fine.

Splunk Add-on for Microsoft Cloud Services: NO Azure Audit logs.

Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!

Logs to Metrics

Developer Spotlight with Paul Stout