How to troubleshoot why the Splunk Add-on for Micr...

gcyre · ‎05-10-2016

I recently installed the Splunk Add-on for Microsoft Azure, and from what I can see, the logs are not being imported. I'm trying to get logs from an Azure cloud service. I've verified there are trace logs in the table, but for some reason the add-on is not ingesting them

Is there any kind of troubleshooting I can do?

thanks
Garry

jconger · ‎05-10-2016

The add-on writes logs about itself to the special _internal index. Try the following search to look for errors/messages:

index=_internal sourcetype=splunkd Azure*

Also, a new version of the add-on was recently released that addressed a bug with the generic table collector. https://splunkbase.splunk.com/app/3084/

gcyre · ‎05-10-2016

thanks for the quick response...

When I run that query I get

05-10-2016 16:38:46.969 -0400 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-Azure/bin/AzureWebsiteDiagnostics.py" /export/splunk/etc/apps/TA-Azure/bin/requests/packages/urllib3/util/ssl_.py:120: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.

I've set up the data input as:
Data inputs » Azure Website Diagnostics »

What should be used for Site diagnostics container name? I have "wad-control-container"

thanks
Garry

How to troubleshoot why the Splunk Add-on for Microsoft Azure is not grabbing trace logs from an Azure cloud service?

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!