Collect Azure China

[jinjm0324]

Hi, i would like to colllect Azure China, so i instead of the Azure public api url to china azure api url. the resource groups and vm is working. but i want to collect azure blob, its report Traceback (most recent call last): File "/opt/splunk/etc/apps/TA-MS-AAD/lib/splunktaucclib/modinput_wrapper/base_modinput.py", line 140, in stream_events self.collect_events(ew) File "/opt/splunk/etc/apps/TA-MS-AAD/bin/azure_metrics.py", line 137, in collect_events resources = az_resource_graph.get_resources_by_query(helper, access_token, query, subscription_id.split(","), environment, resources=[]) File "/opt/splunk/etc/apps/TA-MS-AAD/bin/ta_azure_utils/resource_graph.py", line 63, in get_resources_by_query raise e File "/opt/splunk/etc/apps/TA-MS-AAD/bin/ta_azure_utils/resource_graph.py", line 48, in get_resources_by_query r.raise_for_status() File "/opt/splunk/etc/apps/TA-MS-AAD/lib/requests/models.py", line 1021, in raise_for_status raise HTTPError(http_error_msg, response=self) requests.exceptions.HTTPError: 401 Client Error: Unauthorized for url: https://management.chinacloudapi.cn/providers/Microsoft.ResourceGraph/resources?api-version=2021-03-01

what's the means ?

[JasonConger]

The Splunk Add-on for Microsoft Azure does not support the China region.

However, the error message means the Azure AD app registration used does not have the correct permissions added. Here is a spreadsheet that specifies necessary permissions for multiple Splunk add-ons =? https://bit.ly/Splunk_Azure_Permissions