Re: What is the reason for Splunk_TA_microsoft-cl...

rayar · ‎02-01-2023

we have integration with EventHub using Splunk_TA_microsoft-cloudservices

we see that events are missing

what might be the reason ?

in case the event reached the EventHub with delay , will the APP pull the data ?

how much time back the APP is scanning the data ?

shivanshu1593 · ‎02-02-2023

Needs a lot of more context from your side but generally speaking the add-on makes a checkpoint based off an offset value that is present in the data, which helps it to recognize as to what it pulled the last time and start ingesting the next log to avoid duplication. Which also answers your other question, how far is the add-on scanning the data.

To identify your issue, a lot more context about the integration would be needed but since you are using Splunk_TA_microsoft-cloudservices, I'd recommend opening a support case with Splunk and submitting a diag file of the server where the add-on is hosted and working. They will be able to help you out.

Thank you,
Shiv
###If you found the answer helpful, kindly consider upvoting/accepting it as the answer as it helps other Splunkers find the solutions to similar issues###

What is the reason for Splunk_TA_microsoft-cloudservices missing data?

configuration

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation