All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Is the Splunk Add-on for Microsoft Cloud Services or Splunk Add-on for Azure Support collect Azure China?

Jianming
Engager
‎06-13-2023 07:52 PM

Hi everyone:

Splunk Add-on for Microsoft Cloud Services or Splunk Add-on for Azure Support collect Aure China? 

1. Splunk Add-on for Azure  

     i create a new account. and create new input.

    but see the log report error

    cat ta_ms_aad_azure_virtual_network.log
2023-06-14 10:32:07,118 INFO pid=4938 tid=MainThread file=setup_util.py:log_info:142 | Log level is not set, use default INFO
2023-06-14 10:32:07,118 INFO pid=4938 tid=MainThread file=setup_util.py:log_info:142 | Proxy is not enabled!
2023-06-14 10:32:08,558 ERROR pid=4938 tid=MainThread file=base_modinput.py:log_error:316 | Get error when collecting events.
Traceback (most recent call last):
File "/opt/splunk/etc/apps/TA-MS-AAD/lib/splunktaucclib/modinput_wrapper/base_modinput.py", line 140, in stream_events
self.collect_events(ew)
File "/opt/splunk/etc/apps/TA-MS-AAD/bin/azure_virtual_network.py", line 212, in collect_events
raise RuntimeError("Unable to obtain access token. Please check the Client ID, Client Secret, and Tenant ID")
RuntimeError: Unable to obtain access token. Please check the Client ID, Client Secret, and Tenant ID

 

2.  Splunk Add-on for Microsoft Cloud Services 

       when i was created azure app account, report  Account authentication failed. Please check your                credentials and try again

Who know, the two add-on is support Azure China or not ?

 

thanks 

 

Labels (1)
Labels
0 Karma
Reply

tarungupta0311
Explorer
‎07-03-2023 06:46 AM

To Pull China event Hub data, Splunk Add-on for Microsoft Cloud Services requires 2 changes:-
1st * Edit $SPLUNK_HOME/etc/apps/Splunk_TA_microsoft-cloudservices/bin/splunk_ta_mscs_rh_azureaccount.py
* Around line 88, we need to add a check for the Azure China region

if account_class_type == str(AccountClassType.GOVCLOUD_ACCOUNT):
self.cloud_environment = azure_cloud.AZURE_US_GOV_CLOUD
elif account_class_type == str(AccountClassType.CHINA_ACCOUNT):
self.cloud_environment = azure_cloud.CHINA_ACCOUNT
else:
self.cloud_environment = azure_cloud.AZURE_PUBLIC_CLOUD

2nd to map the event hubs $SPLUNK_HOME/etc/apps/Splunk_TA_microsoft-cloudservices/local
Create “mscs_azure_accounts.conf”

[ProvideName]
account_class_type = 3
client_id = ******
client_secret = ******
tenant_id = ******

0 Karma
Reply

Jianming
Engager
‎07-16-2023 06:51 PM

modify this one is error: self.cloud_environment = azure_cloud.CHINA_ACCOUNT

the py file:  from msrestazure import azure_cloud,   sWeChat Image_20230717094716.png

so this is correct : self.cloud_environment = azure_cloud.AZURE_CHINA_CLOUD
 
but still error:
configuration inputs  such as azure resource
the log report
WeChat Image_20230717095051.png
the api link still use azure_public_cloud. 
0 Karma
Reply

tarungupta0311
Explorer
‎07-18-2023 11:00 PM

I am also getting an Authentication error - 

 

tarungupta0311_0-1689746402785.png

 

0 Karma
Reply
Get Updates on the Splunk Community!

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...

Adoption of Infrastructure Monitoring at Splunk

  Splunk's Growth Engineering team showcases one of their first Splunk product adoption-Splunk Infrastructure ...