Hello Splunkers,
Need help/reference to onboard Azure SignIn logs to Splunk. I am trying with the Splunk Add-on for Microsoft Azure (Splunk Add on for Microsoft Azure | Splunkbase) but am unable to do so, getting the error below:
2025-05-12 13:04:13,042 log_level=ERROR pid=319128 tid=MainThread file=base_modinput.py:log_error:317 | Get error when collecting events. Traceback (most recent call last): File "/opt/splunk/etc/apps/TA-MS-AAD/lib/splunktaucclib/modinput_wrapper/base_modinput.py", line 141, in stream_events self.collect_events(ew) File "/opt/splunk/etc/apps/TA-MS-AAD/bin/azure_metrics.py", line 141, in collect_events resources = az_resource_graph.get_resources_by_query(helper, access_token, query, subscription_id.split(","), environment, resources=[]) File "/opt/splunk/etc/apps/TA-MS-AAD/bin/ta_azure_utils/resource_graph.py", line 63, in get_resources_by_query raise e File "/opt/splunk/etc/apps/TA-MS-AAD/bin/ta_azure_utils/resource_graph.py", line 48, in get_resources_by_query r.raise_for_status() File "/opt/splunk/etc/apps/TA-MS-AAD/lib/requests/models.py", line 1024, in raise_for_status raise HTTPError(http_error_msg, response=self) requests.exceptions.HTTPError: 429 Client Error: Too Many Requests for url: https://management.azure.com/providers/Microsoft.ResourceGraph/resources?api-version=2019-04-01
05-12-2025 18:25:07.429 +0000 ERROR TcpInputProc [1731515 FwdDataReceiverThread-0] - Error encountered for connection from src=127.0.0.1:42076. error:140890C7:SSL routines:ssl3_get_client_certificate:peer did not return a certificate
05-12-2025 13:04:13.134 +0000 ERROR ExecProcessor [326053 ExecProcessor] - message from "/opt/splunk/bin/python3.9 /opt/splunk/etc/apps/TA-MS-AAD/bin/azure_metrics.py" 429 Client Error: Too Many Requests for url: https://management.azure.com/providers/Microsoft.ResourceGraph/resources?api-version=2019-04-01 - Traceback (most recent call last): File "/opt/splunk/etc/apps/TA-MS-AAD/lib/splunktaucclib/modinput_wrapper/base_modinput.py", line 141, in stream_events self.collect_events(ew) File "/opt/splunk/etc/apps/TA-MS-AAD/bin/azure_metrics.py", line 141, in collect_events resources = az_resource_graph.get_resources_by_query(helper, access_token, query, subscription_id.split(","), environment, resources=[]) File "/opt/splunk/etc/apps/TA-MS-AAD/bin/ta_azure_utils/resource_graph.py", line 63, in get_resources_by_query raise e File "/opt/splunk/etc/apps/TA-MS-AAD/bin/ta_azure_utils/resource_graph.py", line 48, in get_resources_by_query r.raise_for_status() File "/opt/splunk/etc/apps/TA-MS-AAD/lib/requests/models.py", line 1024, in raise_for_status raise HTTPError(http_error_msg, response=self) requests.exceptions.HTTPError: 429 Client Error: Too Many Requests for url: https://management.azure.com/providers/Microsoft.ResourceGraph/resources?api-version=2019-04-01 During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/opt/splunk/etc/apps/TA-MS-AAD/lib/splunklib/modularinput/script.py", line 67, in run_script self.stream_events(self._input_definition, event_writer) File "/opt/splunk/etc/apps/TA-MS-AAD/lib/splunktaucclib/modinput_wrapper/base_modinput.py", line 150, in stream_events raise RuntimeError(str(e)) RuntimeError: 429 Client Error: Too Many Requests for url: https://management.azure.com/providers/Microsoft.ResourceGraph/resources?api-version=2019-04-01
TIA,
Hi @Sarvesh_Fenix, the 429 error you're seeing might be due to Graph throttling. Microsoft limits users to approximately 15 queries per 5-second window.
Try to
The Resource Graph approach you're currently using will continue to hit these limits. Microsoft's documentation (https://docs.microsoft.com/en-us/azure/governance/resource-graph/concepts/guidance-for-throttled-req...) recommends implementing pagination, staggering requests, and proper retry logic.
Check your Azure application permissions as well - you'll need AuditLog.Read.All and Directory.Read.All for SignIn logs.
If this helps, please upvote.
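The retry logic the reply above refers to, as an added example that is not part of the thread or of the add-on's own code: it waits for the Retry-After or x-ms-user-quota-resets-after value that Resource Graph returns on a 429, and falls back to exponential backoff when neither is present. The `send` callable and the sample responses are constructed for illustration.

```python
import time

def hms_to_seconds(value):
    """Convert an 'hh:mm:ss' quota-reset value to seconds."""
    h, m, s = (int(part) for part in value.split(":"))
    return h * 3600 + m * 60 + s

def throttle_delay(headers, attempt, base=1.0, cap=60.0):
    """Seconds to wait after throttling: server hint first, backoff otherwise."""
    retry_after = headers.get("Retry-After", "")
    if retry_after.isdigit():
        return min(float(retry_after), cap)
    resets = headers.get("x-ms-user-quota-resets-after")
    if resets:
        return min(float(hms_to_seconds(resets)), cap)
    return min(base * 2 ** attempt, cap)

def query_with_throttle(send, max_attempts=5, sleep=time.sleep):
    """Call send() until it succeeds, pausing as the service asks.

    send is a hypothetical callable returning (status, headers, body);
    in real use it would wrap the HTTP POST to the Resource Graph endpoint.
    """
    for attempt in range(max_attempts):
        status, headers, body = send()
        if status == 429:
            sleep(throttle_delay(headers, attempt))
            continue
        if status != 200:
            raise RuntimeError(f"unexpected HTTP status {status}")
        # Quota used up by this call: pause before the caller's next query.
        if headers.get("x-ms-user-quota-remaining") == "0":
            sleep(throttle_delay(headers, attempt))
        return body
    raise RuntimeError(f"still throttled after {max_attempts} attempts")

# Constructed responses for an offline run: two 429s, then success.
SAMPLE = [
    (429, {"Retry-After": "3"}, None),
    (429, {"x-ms-user-quota-resets-after": "00:00:05"}, None),
    (200, {"x-ms-user-quota-remaining": "0",
           "x-ms-user-quota-resets-after": "00:00:02"}, {"count": 1}),
]

def demo():
    responses, waits = iter(SAMPLE), []
    body = query_with_throttle(lambda: next(responses), sleep=waits.append)
    return body, waits
```
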
I have tried the below suggestions, but it is still not working,
though the throttling and timeout errors are cleaned. I have also checked the permissions on Azure for the client we are using.
Now error logs are:
05-13-2025 12:07:30.690 +0000 INFO ExecProcessor [326053 ExecProcessor] - Removing status item "/opt/splunk/etc/apps/TA-MS-AAD/bin/MS_AAD_signins.py (MS_AAD_signins://SignInDetails) (isModInput=yes)
05-13-2025 06:41:33.207 +0000 ERROR UiAuth [46016 TcpChannelThread] - Request from 122.169.17.168 to "/en-US/splunkd/__raw/servicesNS/nobody/TA-MS-AAD/TA_MS_AAD_MS_AAD_signins/SignInDetails?output_mode=json" failed CSRF validation -- expected key "[REDACTED]8117" and header had key "10508357373912334086"
@Sarvesh_Fenix The first one is just an info message about the SignInDetails input status.
The second one shows a CSRF validation failure in the Splunk web interface. Did you try a restart after configuring the inputs?