@Knightrider1234 I found a solution. I searched and couldn't find an answer so I will post this here for anyone else that is experiencing the issue above. I initially started with the Microsoft Azure Add-on for Splunk. I found "The Event Hub input has been deprecated in this add-on. Please use the Splunk supported Splunk Add-on for Microsoft Cloud Services to ingest Event Hub data" on the inputs page of the app. I then figured out the difference: Microsoft Azure Add on for Splunk (now deprecated) -> ingests Eventhubs through old ClientSecret String Splunk Add-on for Microsoft Cloud Services -> ingests Eventhubs through modern Azure-AD app with Reader rights into eventhub You must navigate to Subscriptions -> your subscription -> Access Control (IAM) -> Select (+Add) and give the Splunk app Azure Event Hubs Data Receiver. In the Event Hub set-up of the Splunk Add-on for Microsoft Cloud Services give the FQDN only (e.g. lab-eventhub.servicebus.windows.net) and provide the event-hub name in the following field. This worked for me and I immediately started getting logs in. Hope this helps!
... View more