After my logs stopped flowing in from the Microsof...

fredshino · ‎09-13-2018

The Add-on was working fine, lots of logs flowing in during the past week, but yesterday around 12pm the logs stopped flowing in.

I see some error messages in the internal logs:

"SSLError: EOF occurred in violation of protocol"

Screenshot:

@jkat54, Any ideas why these errors started all of a sudden?

jkat54 · ‎01-16-2019

@fredshino can you come back to this post and provide an update please?

fredshino · ‎09-17-2018

@jkat54, have you had a chance to look at this?

Thanks in advance!

jkat54 · ‎09-17-2018

It looks like the most common cause of this is out of date / less secure versions of openssl.

Which version of splunk are you using?

fredshino · ‎09-17-2018

7.0.3

Any tips on where to start troubleshooting this? Our Splunk deployment is huge and according to our Splunk team, upgrading to a newer version is not feasible at this moment.

jkat54 · ‎09-17-2018

Any chance you have a web proxy or firewall that is malforming the request?

I think that could cause this too,

Troubleshooting this app can be difficult, so hang in there and we’ll get you fixed.

You can google azure log analytics and find curl examples for testing queries, etc.

I’ve seen people use postman app to get auth token and test queries.

jkat54 · ‎09-27-2018

Any updates here @fredshino ?

After my logs stopped flowing in from the Microsoft Log Analytics Add-on, I got the following "SSLError"

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms