splunk / splunk-add-on-microsoft-azure

Splunk Add-on for Microsoft Azure
Apache License 2.0

TA-MS-AAD error code 500 #18

Closed jkw117 closed 1 year ago

jkw117 commented 2 years ago

I installed the add-on and I'm running 8.1.6. Every time I hit the configuration/input page I receive this error:

Error: Request failed with status code 500

I have yet to find pertinent logs as to why. But several seconds later, the service for Splunk fails, crashes completely. I have yet to find a specific direction as to why; the logs are empty. I have manually edited the config files. So that's weird. This is a Splunk onsite install. Also, I've read conflicting information about whether this can work without it being a Splunk Cloud install. I am just trying to retrieve sign-in events that occur in Azure.

JasonConger commented 2 years ago

Is this a clean install or upgrade? I can confirm that this add-on works in both cloud and non-cloud environments. Finally, for Azure AD sign-in data, I would recommend using an event hub instead of this add-on due to throttling limits in the API this add-on uses. More information can be found in the Wiki here => https://github.com/splunk/splunk-add-on-microsoft-azure/wiki/Configure-Azure-Active-Directory-inputs-for-the-Splunk-Add-on-for-Microsoft-Azure

jkw117 commented 1 year ago

This is a clean install. I did some digging around and found this in the logs:

Unable to initialize modular input "azure_virtual_network" defined in the app "TA-MS-AAD": Introspecting scheme=azure_virtual_network: script running failed (exited with code 1)..

Introspecting scheme=azure_virtual_network: script running failed (exited with code 1).

Introspecting scheme=azure_virtual_network: ModuleNotFoundError: No module named 'pwd'

Introspecting scheme=azure_virtual_network: import pwd

Introspecting scheme=azure_virtual_network: File "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\import_declare_test.py", line 20, in

Introspecting scheme=azure_virtual_network: import import_declare_test

Introspecting scheme=azure_virtual_network: File "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\azure_virtual_network.py", line 24, in

Introspecting scheme=azure_virtual_network: Traceback (most recent call last):

Unable to initialize modular input "azure_virtual_network" defined in the app "TA-MS-AAD": Introspecting scheme=azure_virtual_network: script running failed (exited with code 1)..

Introspecting scheme=azure_virtual_network: script running failed (exited with code 1).

So the first thing is that the module pwd isn't available on Windows, only Linux. So line 20 in import_declare_test.py is loading the module but probably shouldn't be. I actually uninstalled and re-installed the module, same result. So I commented out the import of the pwd module on line 20 and can now load the config pages without it crashing.

Apparently my work hasn't officially paid for the enterprise subscription yet, and we are on a trial version assigned to users. So I may not be getting data anyway. But I was going to double check what I had in the cloud.

JasonConger commented 1 year ago

Addressed in 4.0.3
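
The failure reported earlier in this thread (a top-level import of pwd, which does not exist on Windows, aborting the modular input at load time) is something a pre-deployment check can catch. The following is an added example, not code from the add-on or from any commenter: a static check that reports POSIX-only standard-library imports at module top level. The function name, the module list and the two sample sources are assumptions constructed for illustration.

```python
import ast

# Standard-library modules that are only present on POSIX builds of CPython.
POSIX_ONLY = {"pwd", "grp", "fcntl", "termios", "resource"}


def unguarded_posix_imports(source):
    """Return [(line, module)] for POSIX-only imports at module top level.

    Only statements directly in the module body are inspected. Imports
    nested in try/if blocks or in function bodies are treated as guarded
    or lazy and are not reported (a deliberate simplification).
    """
    hits = []
    for node in ast.parse(source).body:
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom) and node.level == 0:
            names = [node.module]
        else:
            continue
        for name in names:
            root = name.split(".")[0]
            if root in POSIX_ONLY:
                hits.append((node.lineno, root))
    return hits


# Constructed sample: same failure shape as the traceback (unconditional import).
BROKEN = "import os\nimport sys\nimport pwd\n\nprint(sys.path)\n"

# Constructed sample: the import is guarded, so loading succeeds on Windows.
GUARDED = (
    "import os\n"
    "try:\n"
    "    import pwd\n"
    "except ImportError:  # raised on Windows\n"
    "    pwd = None\n"
)

if __name__ == "__main__":
    print("broken :", unguarded_posix_imports(BROKEN))
    print("guarded:", unguarded_posix_imports(GUARDED))
```

Running the function over each .py file in an app's bin directory before installing on a Windows host surfaces this class of load failure without starting the service.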