cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
undercd
Explorer
Member since: ‎07-08-2019
‎06-05-2020
Community Statistics
Posts 3
Solutions 1
Karma Given 1
Karma Received 0
Member Since ‎07-08-2019
Activity Feed
View All

Re: Unable to get event hub creds: unauthorized, i...

by in All Apps and Add-ons
‎04-20-2020 08:47 PM
‎04-20-2020 08:47 PM
This can be resolved by setting the environment in 3 separate files located in %SPLUNK_HOME%/etc/apps/TA-Azure_Monitor/bin/: azure_environment.py os.environ[‘AZURE_ENVIRONMENT’] = “<your_environment>” For Linux servers, add the following line to the azure_activity_log.sh and azure_diagnostic_logs.sh files: export AZURE_ENVIRONMENT=<your_environment> For Windows servers, add the following line to azure_activity_log.cmd and azure_diagnostic_logs.cmd files: set AZURE_ENVIRONMENT=<your_environment> The available environments are: AzureCloud AzureUSGovernment AzureChinaCloud AzureGermanCloud ... View more

Re: Unable to get event hub creds: unauthorized, i...

by in All Apps and Add-ons
‎09-04-2019 08:31 AM
‎09-04-2019 08:31 AM
I've identified that the issue seems to be a problem with going between the Azure Commercial and Azure US Government clouds. I'm able to replicate the issue in the Azure CLI by leaving the cloud set to the default, and can resolve the error in the Azure CLI by changing to the AzureUSGovernment cloud. I've been in contact with the primary developer, and he's able to access his govcloud using the app, but I'm still getting the same error, even after setting the environment in the app's files (azure_activity_log.sh and azure_diagnostic_logs.sh) ... View more

Unable to get event hub creds: unauthorized, inval...

by in All Apps and Add-ons
‎08-23-2019 02:59 PM
‎08-23-2019 02:59 PM
I've configured our Azure and the Azure Monitor Add-on for Splunk per the documentation, but I'm not getting any logs. I checked splunkd.log, and I'm receiving the following error: 08-23-2019 13:49:28.720 -0700 ERROR ExecProcessor - message from ""C:\Program Files\Splunk\etc\apps\TA-Azure_Monitor\bin\azure_activity_log.cmd"" Modular input azure_activity_log:// AzureActivityLogs Error getting event hub creds: StatusCodeError: 401 - {"error":{"code":"Unauthorized","message":"AKV10032: Invalid issuer. Expected one of https://sts.windows.net/[redactedSubscription/TenantID?]/, https://sts.windows.net/[redactedSubscription/TenantID?]/, https://sts.windows.net/[redactedSubscription/TenantID?]/, found https://sts.windows.net/[redactedMyAzureADTenantID/."}} I'm assuming the 3 "expected" are either subscription or tenant IDs, but they're not familiar, and I don't see them in our Azure environment anywhere. The "found" is my tenant ID, taken directly from the Azure AD properties page. Any idea how to resolve this, or even where to start, or where else I can look? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma given to
View All