Guys, could you please shed some light here?
I have configured azure api management to stream events to event hub and Spunk add-on to connect to event hub. I am receiving the below error.
I have given the Azure Event hub data receiver role to the IAM account used in the integratiion.
@Knightrider1234 I found a solution. I searched and couldn't find an answer so I will post this here for anyone else that is experiencing the issue above.
I initially started with the Microsoft Azure Add-on for Splunk. I found "The Event Hub input has been deprecated in this add-on. Please use the Splunk supported Splunk Add-on for Microsoft Cloud Services to ingest Event Hub data" on the inputs page of the app.
I then figured out the difference:
Microsoft Azure Add on for Splunk (now deprecated)
-> ingests Eventhubs through old ClientSecret String
Splunk Add-on for Microsoft Cloud Services
-> ingests Eventhubs through modern Azure-AD app with Reader rights into eventhub
You must navigate to Subscriptions -> your subscription -> Access Control (IAM) -> Select (+Add) and give the Splunk app Azure Event Hubs Data Receiver. In the Event Hub set-up of the Splunk Add-on for Microsoft Cloud Services give the FQDN only (e.g. lab-eventhub.servicebus.windows.net) and provide the event-hub name in the following field. This worked for me and I immediately started getting logs in.
Hope this helps!
Hello ... Did you ever get this resolved? I'm running into the same issue. It seems to have something to do with the event_hub_namespace parameter in the config file, but I've not been successful at figuring out what the problem is.