Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Unable to receive data from Splunk add-on for Microsoft cloud service

nithin204
Explorer
‎01-30-2023 09:08 PM

Hi Splunkers, We have a splunk HF on Azure and we have installed the add-on for Microsoft cloud services on the HF. I am able to connect to the storage account on Azure from the connection section with a SAS token. 

When I have created the inputs to collect the data from the blobs in the storage account, I don't see any data coming into splunk. I have tried leaving the blob filed empty and added wildcard(*) but still I don't see any data. 

 

The only error message that I see in the corresponding logs is the "AuthorizationResourceTypeMismatch" error. Not really sure what the error means and what permissions needs to be changed.   Has anyone faced this issue? Can someone please help

 

Labels (1)
Labels
0 Karma
Reply

shivanshu1593
Builder
‎02-01-2023 12:42 PM

What are the internal logs saying for this add-on in the _internal index. If you can share the error messages, we can help you find the solution.

For the error that you shared "AuthorizationResourceTypeMismatch", it usually indicates that credentials that you gave Splunk to connect to Azure do not have the authorization to perform the said operation. You may want to give it more permissions.

Thank you,
Shiv
###If you found the answer helpful, kindly consider upvoting/accepting it as the answer as it helps other Splunkers find the solutions to similar issues###
0 Karma
Reply
Get Updates on the Splunk Community!

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...