microsoft / AzureMonitorAddonForSplunk

A Splunk add-on (aka modular input) that brings Metrics and Diagnostic Logs from various Azure ARM resources and the subscription-wide Activity Log (aka Audit Log) to Splunk Enterprise.

Data is not forwarded from Azure to Splunk even after connection works fine #66

Closed gaurav7961 closed 6 years ago

gaurav7961 commented 6 years ago

We are trying to forward Activity logs from Azure into Splunk. We have set up both systems as per https://www.splunk.com/blog/2018/04/20/splunking-microsoft-azure-monitor-data-part-1-azure-setup.html and https://www.splunk.com/blog/2018/05/07/splunking-microsoft-azure-monitor-data-part-2-splunk-setup.html

There are no errors in connecting to Azure from Splunk, but data is not forwarded. Also, there are no logs, so it's kind of mysterious that data is lost somewhere. In Azure, we can see data in the Event Hub, and we can also see that data can be forwarded (we tested by creating a function app as a consumer of the event hub).

sebastus commented 6 years ago

@gaurav7961 please contact me at golive@microsoft.com so we can figure out what's going on.

sebastus commented 6 years ago

@gaurav7961 I worked with another customer on this and discovered they had a firewall preventing the add-on from communicating with the internet. It somehow prevented the connection attempt from timing out, so nothing appeared in the log. I'm working on improving messaging in this scenario. Are you in a position to test it?

gaurav7961 commented 6 years ago

Hi Greg,

Thank you for your response. But now we are using a Function App instead of the add-on.

Best, Gaurav

From: Greg Oliver [mailto:notifications@github.com]
Sent: Monday, September 17, 2018 2:40 PM
To: Microsoft/AzureMonitorAddonForSplunk <AzureMonitorAddonForSplunk@noreply.github.com>
Cc: Kumar, Gaurav <gaurav.kumar@eon.com>; Mention <mention@noreply.github.com>
Subject: Re: [Microsoft/AzureMonitorAddonForSplunk] Data is not forwarded from Azure to Splunk even after connection works fine (#66)

> @gaurav7961 I worked with another customer on this and discovered they had a firewall preventing the add-on from communicating with the internet. It somehow prevented the connection attempt from timing out, so nothing appeared in the log. I'm working on improving messaging in this scenario. Are you in a position to test it?
