All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Event Hub input configured for Azure Monitor Add On for Splunk but no data being indexed

rachaelcrook89
Explorer
‎09-29-2020 02:48 PM

We've setup the Event hub input according to the instructions included in the app and are not getting data into the index. We are also not getting any errors in the internal logs. 

Here's what I do see in the internal logs. 

index=_internal host=<heavy forwarder> source=*hub*

2020-09-29 16:41:40,799 DEBUG pid=31407 tid=MainThread file=__init__.py:initialize:157 | Initializing platform.
2020-09-29 16:41:40,799 DEBUG pid=31407 tid=MainThread file=client.py:open:234 | Opening client connection.
2020-09-29 16:41:40,798 DEBUG pid=31407 tid=MainThread file=message.py:__init__:109 | Destroying 'AMQPValue'
2020-09-29 16:41:40,797 DEBUG pid=31407 tid=MainThread file=message.py:__init__:109 | Deallocating 'AMQPValue'
2020-09-29 16:41:40,797 INFO pid=31407 tid=MainThread file=client_abstract.py:__init__:161 | u'eventhub.pysdk-843ec71b': Created the Event Hub client
2020-09-29 16:41:40,797 INFO pid=31407 tid=MainThread file=setup_util.py:log_info:114 | Proxy is not enabled!
2020-09-29 16:41:40,797 DEBUG pid=31407 tid=MainThread file=base_modinput.py:log_debug:286 | _Splunk_ Getting proxy server.
2020-09-29 16:41:39,464 INFO pid=31407 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1
2020-09-29 16:41:38,196 INFO pid=31407 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1
2020-09-29 16:41:37,448 INFO pid=31407 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1
2020-09-29 16:41:36,413 INFO pid=31407 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1
2020-09-29 16:40:40,778 DEBUG pid=28651 tid=MainThread file=__init__.py:initialize:157 | Initializing platform.
2020-09-29 16:40:40,778 DEBUG pid=28651 tid=MainThread file=client.py:open:234 | Opening client connection.
2020-09-29 16:40:40,777 DEBUG pid=28651 tid=MainThread file=message.py:__init__:109 | Destroying 'AMQPValue'
2020-09-29 16:40:40,776 DEBUG pid=28651 tid=MainThread file=message.py:__init__:109 | Deallocating 'AMQPValue'
2020-09-29 16:40:40,776 INFO pid=28651 tid=MainThread file=client_abstract.py:__init__:161 | u'eventhub.pysdk-4adf6449': Created the Event Hub client
2020-09-29 16:40:40,776 INFO pid=28651 tid=MainThread file=setup_util.py:log_info:114 | Proxy is not enabled!
2020-09-29 16:40:40,776 DEBUG pid=28651 tid=MainThread file=base_modinput.py:log_debug:286 | _Splunk_ Getting proxy server.
2020-09-29 16:40:39,481 INFO pid=28651 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1
2020-09-29 16:40:38,240 INFO pid=28651 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1

 

@jconger  Any help is greatly appreciated!

Labels (2)
0 Karma
Reply
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!

Get Updates on the Splunk Community!