All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Event Hub input configured for Azure Monitor Add On for Splunk but no data being indexed

rachaelcrook89
Explorer
‎09-29-2020 02:48 PM

We've setup the Event hub input according to the instructions included in the app and are not getting data into the index. We are also not getting any errors in the internal logs. 

Here's what I do see in the internal logs. 

index=_internal host=<heavy forwarder> source=*hub*

2020-09-29 16:41:40,799 DEBUG pid=31407 tid=MainThread file=__init__.py:initialize:157 | Initializing platform.
2020-09-29 16:41:40,799 DEBUG pid=31407 tid=MainThread file=client.py:open:234 | Opening client connection.
2020-09-29 16:41:40,798 DEBUG pid=31407 tid=MainThread file=message.py:__init__:109 | Destroying 'AMQPValue'
2020-09-29 16:41:40,797 DEBUG pid=31407 tid=MainThread file=message.py:__init__:109 | Deallocating 'AMQPValue'
2020-09-29 16:41:40,797 INFO pid=31407 tid=MainThread file=client_abstract.py:__init__:161 | u'eventhub.pysdk-843ec71b': Created the Event Hub client
2020-09-29 16:41:40,797 INFO pid=31407 tid=MainThread file=setup_util.py:log_info:114 | Proxy is not enabled!
2020-09-29 16:41:40,797 DEBUG pid=31407 tid=MainThread file=base_modinput.py:log_debug:286 | _Splunk_ Getting proxy server.
2020-09-29 16:41:39,464 INFO pid=31407 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1
2020-09-29 16:41:38,196 INFO pid=31407 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1
2020-09-29 16:41:37,448 INFO pid=31407 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1
2020-09-29 16:41:36,413 INFO pid=31407 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1
2020-09-29 16:40:40,778 DEBUG pid=28651 tid=MainThread file=__init__.py:initialize:157 | Initializing platform.
2020-09-29 16:40:40,778 DEBUG pid=28651 tid=MainThread file=client.py:open:234 | Opening client connection.
2020-09-29 16:40:40,777 DEBUG pid=28651 tid=MainThread file=message.py:__init__:109 | Destroying 'AMQPValue'
2020-09-29 16:40:40,776 DEBUG pid=28651 tid=MainThread file=message.py:__init__:109 | Deallocating 'AMQPValue'
2020-09-29 16:40:40,776 INFO pid=28651 tid=MainThread file=client_abstract.py:__init__:161 | u'eventhub.pysdk-4adf6449': Created the Event Hub client
2020-09-29 16:40:40,776 INFO pid=28651 tid=MainThread file=setup_util.py:log_info:114 | Proxy is not enabled!
2020-09-29 16:40:40,776 DEBUG pid=28651 tid=MainThread file=base_modinput.py:log_debug:286 | _Splunk_ Getting proxy server.
2020-09-29 16:40:39,481 INFO pid=28651 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1
2020-09-29 16:40:38,240 INFO pid=28651 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1

 

@jconger  Any help is greatly appreciated!

Labels (2)
0 Karma
Reply
Get Updates on the Splunk Community!

Modern way of developing distributed application using OTel

Recently, I had the opportunity to work on a complex microservice using Spring boot and Quarkus to develop a ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had 3 releases of new security content via the Enterprise Security ...

Archived Metrics Now Available for APAC and EMEA realms

We’re excited to announce the launch of Archived Metrics in Splunk Infrastructure Monitoring for our customers ...