After my logs stopped flowing in from the Microsof...

fredshino · ‎09-13-2018

The Add-on was working fine, lots of logs flowing in during the past week, but yesterday around 12pm the logs stopped flowing in.

I see some error messages in the internal logs:

"SSLError: EOF occurred in violation of protocol"

Screenshot:

@jkat54, Any ideas why these errors started all of a sudden?

jkat54 · ‎01-16-2019

@fredshino can you come back to this post and provide an update please?

fredshino · ‎09-17-2018

@jkat54, have you had a chance to look at this?

Thanks in advance!

jkat54 · ‎09-17-2018

It looks like the most common cause of this is out of date / less secure versions of openssl.

Which version of splunk are you using?

fredshino · ‎09-17-2018

7.0.3

Any tips on where to start troubleshooting this? Our Splunk deployment is huge and according to our Splunk team, upgrading to a newer version is not feasible at this moment.

jkat54 · ‎09-17-2018

Any chance you have a web proxy or firewall that is malforming the request?

I think that could cause this too,

Troubleshooting this app can be difficult, so hang in there and we’ll get you fixed.

You can google azure log analytics and find curl examples for testing queries, etc.

I’ve seen people use postman app to get auth token and test queries.

jkat54 · ‎09-27-2018

Any updates here @fredshino ?

After my logs stopped flowing in from the Microsoft Log Analytics Add-on, I got the following "SSLError"

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!