Re: What is the reason for Splunk_TA_microsoft-cl...

rayar · ‎02-01-2023

we have integration with EventHub using Splunk_TA_microsoft-cloudservices

we see that events are missing

what might be the reason ?

in case the event reached the EventHub with delay , will the APP pull the data ?

how much time back the APP is scanning the data ?

shivanshu1593 · ‎02-02-2023

Needs a lot of more context from your side but generally speaking the add-on makes a checkpoint based off an offset value that is present in the data, which helps it to recognize as to what it pulled the last time and start ingesting the next log to avoid duplication. Which also answers your other question, how far is the add-on scanning the data.

To identify your issue, a lot more context about the integration would be needed but since you are using Splunk_TA_microsoft-cloudservices, I'd recommend opening a support case with Splunk and submitting a diag file of the server where the add-on is hosted and working. They will be able to help you out.

Thank you,
Shiv
###If you found the answer helpful, kindly consider upvoting/accepting it as the answer as it helps other Splunkers find the solutions to similar issues###

What is the reason for Splunk_TA_microsoft-cloudservices missing data?

configuration

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!