- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Unable to receive data from Splunk add-on for Microsoft cloud service
Hi Splunkers, We have a splunk HF on Azure and we have installed the add-on for Microsoft cloud services on the HF. I am able to connect to the storage account on Azure from the connection section with a SAS token.
When I have created the inputs to collect the data from the blobs in the storage account, I don't see any data coming into splunk. I have tried leaving the blob filed empty and added wildcard(*) but still I don't see any data.
The only error message that I see in the corresponding logs is the "AuthorizationResourceTypeMismatch" error. Not really sure what the error means and what permissions needs to be changed. Has anyone faced this issue? Can someone please help
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What are the internal logs saying for this add-on in the _internal index. If you can share the error messages, we can help you find the solution.
For the error that you shared "AuthorizationResourceTypeMismatch", it usually indicates that credentials that you gave Splunk to connect to Azure do not have the authorization to perform the said operation. You may want to give it more permissions.
Shiv
###If you found the answer helpful, kindly consider upvoting/accepting it as the answer as it helps other Splunkers find the solutions to similar issues###
