Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk Azure Storage Account not connecting

LinghGroove
Explorer
‎09-30-2024 08:39 AM

Hello,

I'm having troubles connection a Splunk instance with an Azure Storage Account. After the account was set i have configured my Splunk instance to connect with the Storage Account using the Splunk Add-on for Microsoft Cloud Services. 

When i enter the Account Name and the Account Secret it gives this error:
App-Err.PNG
This was configured from "Configuration" > "Azure Storage Account" > "Add".
I have controlled the Account Name and the Access Key, they are correct. Looking at the logs this was the only noticeble error that pops up:

 

log_level=ERROR pid=3270316 tid=MainThread file=storageaccount.py:validate:97 | Error <urllib3.connection.HTTPSConnection object at 0x7e14a4a8e940>: Failed to establish a new connection: [Errno -2] Name or service not known while verifying the credentials: Traceback (most recent call last):

 

other than this i saw some http requests with 502 error on the splunkd.log but i don't know if it is related. 
I have checked to see if the Splunk machine could reach the azure resourse and it can. It can also do api calls correctly. 
At this point i have no idea on what could cause this problem. 
Do you guys have any idea on what controls i could do to see where is the problem?
Did  i miss some configurations? Could it be some problems on the Azure side? If yes what controls should i do? 
(used the ufficial guide https://splunk.github.io/splunk-add-on-for-microsoft-cloud-services/Configurestorageaccount/)

Thanks a lot in advance for your help. 
 

Labels (3)
Labels
Tags (1)
0 Karma
Reply

sainag_splunk
Splunk Employee
Splunk Employee
‎09-30-2024 09:04 AM

Hi! It looks like there's an authentication failure on the Azure side. You need to assign the correct permissions to the Azure app.

Before proceeding on configuring https://docs.splunk.com/Documentation/AddOns/released/MSCloudServices/ConfigureappinAzureAD

ensure your storage account token (SAS) has the following privileges:

Use either Access key OR Shared Access Signature with:

  • Allowed services: Blob, Table
  • Allowed resource types: Service, Container, Object
  • Allowed permissions: Read, List



Please UpVote if this is helpful.

 
 
0 Karma
Reply
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...