I recently installed the Splunk Add-on for Microsoft Azure, and from what I can see, the logs are not being imported. I'm trying to get logs from an Azure cloud service. I've verified there are trace logs in the table, but for some reason the add-on is not ingesting them
Is there any kind of troubleshooting I can do?
thanks
Garry
The add-on writes logs about itself to the special _internal index. Try the following search to look for errors/messages:
index=_internal sourcetype=splunkd Azure*
Also, a new version of the add-on was recently released that addressed a bug with the generic table collector. https://splunkbase.splunk.com/app/3084/
thanks for the quick response...
When I run that query I get
05-10-2016 16:38:46.969 -0400 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-Azure/bin/AzureWebsiteDiagnostics.py" /export/splunk/etc/apps/TA-Azure/bin/requests/packages/urllib3/util/ssl_.py:120: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
I've set up the data input as:
Data inputs » Azure Website Diagnostics »
What should be used for Site diagnostics container name? I have "wad-control-container"
thanks
Garry