All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Microsoft Azure Add on for Splunk no longer pulling event hub data

junshi
Explorer
‎01-28-2021 11:29 AM

Logs have been working fine until this week, now I get the error:

 

 

ERROR pid=15289 tid=MainThread file=base_modinput.py:log_error:307 | _Splunk_ Error getting event hub data for hub: insights-logs-signinlogs, resource: 3. Detail: The service was unable to process the request; please retry the operation. For more information on exception types and proper exception handling, please refer to http://go.microsoft.com/fwlink/?LinkId=761101 TrackingId:abe05384f2aa4f528eaad64feccc1e53_G8, SystemTracker:gateway5, Timestamp:

ErrorCodes.InternalServerError: The service was unable to process the request; please retry the operation. For more information on exception types and proper exception handling, please refer to http://go.microsoft.com/fwlink/?LinkId=761101 TrackingId:abe05384f2aa4f528eaad64feccc1e53_G8, SystemTracker:gateway5, Timestamp:

 

Also seeing these errors around the same time:

ERROR pid=48797 tid=MainThread file=base_modinput.py:log_error:307 | _Splunk_ Error getting event hub data for hub: insights-logs-auditlogs, resource: 2. Detail: ('Connection aborted.', BadStatusLine("''",))

This is happening for multiple hubs?

Azure App v2.1.0

Spunk v7.3.3

@jconger !

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

junshi
Explorer
‎02-18-2021 07:52 AM

Found the solution, the number of eventhub events had increased and the default settings for the Microsoft Azure Add-on App were no longer able to keep up.

I increased the setting for "Max batch Set Iterations" from 100 to 1000.

I then checked the eps for this source and saw a 50% increase. After a few days, the logs finally caught up and we are now pulling logs in a timely manner.

View solution in original post

Reply
Solved! Jump to solution
Solution

junshi
Explorer
‎02-18-2021 07:52 AM

Found the solution, the number of eventhub events had increased and the default settings for the Microsoft Azure Add-on App were no longer able to keep up.

I increased the setting for "Max batch Set Iterations" from 100 to 1000.

I then checked the eps for this source and saw a 50% increase. After a few days, the logs finally caught up and we are now pulling logs in a timely manner.

Reply
Solved! Jump to solution

pabaph
Engager
‎04-29-2021 01:23 AM

Hi junsi,

We are facing the same issue in one project with that particular TA. Which is the file where you modified that parameter? Thanks in advance.

Best regards.

0 Karma
Reply
Solved! Jump to solution

junshi
Explorer
‎04-29-2021 06:13 AM

You can get to the setting within the App.

Simply click on the INPUTS tab, then select your (EventHub) input.

Click EDIT.

The Max Batch settings are at the bottom of the window!

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...