- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Event Hub input configured for Azure Monitor Add O...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Event Hub input configured for Azure Monitor Add On for Splunk but no data being indexed
We've setup the Event hub input according to the instructions included in the app and are not getting data into the index. We are also not getting any errors in the internal logs.
Here's what I do see in the internal logs.
index=_internal host=<heavy forwarder> source=*hub*
2020-09-29 16:41:40,799 DEBUG pid=31407 tid=MainThread file=__init__.py:initialize:157 | Initializing platform.
2020-09-29 16:41:40,799 DEBUG pid=31407 tid=MainThread file=client.py:open:234 | Opening client connection.
2020-09-29 16:41:40,798 DEBUG pid=31407 tid=MainThread file=message.py:__init__:109 | Destroying 'AMQPValue'
2020-09-29 16:41:40,797 DEBUG pid=31407 tid=MainThread file=message.py:__init__:109 | Deallocating 'AMQPValue'
2020-09-29 16:41:40,797 INFO pid=31407 tid=MainThread file=client_abstract.py:__init__:161 | u'eventhub.pysdk-843ec71b': Created the Event Hub client
2020-09-29 16:41:40,797 INFO pid=31407 tid=MainThread file=setup_util.py:log_info:114 | Proxy is not enabled!
2020-09-29 16:41:40,797 DEBUG pid=31407 tid=MainThread file=base_modinput.py:log_debug:286 | _Splunk_ Getting proxy server.
2020-09-29 16:41:39,464 INFO pid=31407 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1
2020-09-29 16:41:38,196 INFO pid=31407 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1
2020-09-29 16:41:37,448 INFO pid=31407 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1
2020-09-29 16:41:36,413 INFO pid=31407 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1
2020-09-29 16:40:40,778 DEBUG pid=28651 tid=MainThread file=__init__.py:initialize:157 | Initializing platform.
2020-09-29 16:40:40,778 DEBUG pid=28651 tid=MainThread file=client.py:open:234 | Opening client connection.
2020-09-29 16:40:40,777 DEBUG pid=28651 tid=MainThread file=message.py:__init__:109 | Destroying 'AMQPValue'
2020-09-29 16:40:40,776 DEBUG pid=28651 tid=MainThread file=message.py:__init__:109 | Deallocating 'AMQPValue'
2020-09-29 16:40:40,776 INFO pid=28651 tid=MainThread file=client_abstract.py:__init__:161 | u'eventhub.pysdk-4adf6449': Created the Event Hub client
2020-09-29 16:40:40,776 INFO pid=28651 tid=MainThread file=setup_util.py:log_info:114 | Proxy is not enabled!
2020-09-29 16:40:40,776 DEBUG pid=28651 tid=MainThread file=base_modinput.py:log_debug:286 | _Splunk_ Getting proxy server.
2020-09-29 16:40:39,481 INFO pid=28651 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1
2020-09-29 16:40:38,240 INFO pid=28651 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1
@jconger Any help is greatly appreciated!
Archived Metrics Now Available for APAC and EMEA realms
Detecting Remote Code Executions With the Splunk Threat Research Team
Enter the Dashboard Challenge and Watch the .conf24 Global Broadcast!
