Splunk Cloud Platform
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Pulling from Event Hub - how to reset sequence number?

stevebrown
Engager
‎11-20-2024 04:20 AM

We have been given new Connection Strings to enter into our TA-MS-AAD inputs, running on Splunk Cloud's IDM host, pulling from a client's Event Hub.  The feeds were down for several days before we were given the Strings.

The IDM is now connecting to the Event Hub again but no data is flowing; the IDM's logs say

"The supplied sequence number '5529741' is invalid. The last sequence number in the system is '4121'"

Is there anything we can do about this?

Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

dural_yyz
Motivator
‎11-20-2024 06:29 AM

There is a collection(KVStore) which holds the checkpoint value.  You can likely edit to change or remove the current value.  I recommend keeping a backup cause editing this on your own comes with a risk, but in a test environment I would have no problem trying this first.

[TA_MS_AAD_checkpointer]
field.state = string

View solution in original post

Reply
Solved! Jump to solution
Solution

dural_yyz
Motivator
‎11-20-2024 06:29 AM

There is a collection(KVStore) which holds the checkpoint value.  You can likely edit to change or remove the current value.  I recommend keeping a backup cause editing this on your own comes with a risk, but in a test environment I would have no problem trying this first.

[TA_MS_AAD_checkpointer]
field.state = string
Reply
Solved! Jump to solution

stevebrown
Engager
‎11-21-2024 02:43 AM

Great thanks @dural_yyz I'll try that.

0 Karma
Reply
Get Updates on the Splunk Community!

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Passionate about security automation? Apply now to our AI Playbook Authoring Alpha private preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management

Managing high-volume firewall data has always been a challenge. Noisy events and verbose traffic logs often ...

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...