The Add-on was working fine, lots of logs flowing in during the past week, but yesterday around 12pm the logs stopped flowing in.
I see some error messages in the internal logs:
"SSLError: EOF occurred in violation of protocol"
@jkat54, any ideas why these errors started all of a sudden?
@fredshino can you come back to this post and provide an update please?
@jkat54, have you had a chance to look at this?
Thanks in advance!
It looks like the most common cause of this is out-of-date / less secure versions of OpenSSL.
Which version of Splunk are you using?
7.0.3
Any tips on where to start troubleshooting this? Our Splunk deployment is huge and according to our Splunk team, upgrading to a newer version is not feasible at this moment.
Any chance you have a web proxy or firewall that is malforming the request?
I think that could cause this too.
Troubleshooting this app can be difficult, so hang in there and we’ll get you fixed.
You can Google Azure Log Analytics and find curl examples for testing queries, etc.
I’ve seen people use the Postman app to get an auth token and test queries.
Any updates here, @fredshino?