All Apps and Add-ons

Error when ingesting Azure Activity Log: No connection on hub: insights-operational-logs.

ejwade
Contributor

After configuring Azure Monitor Add-On in Splunk and Azure, I receive the following error from splunkd:

ERROR ExecProcessor - message from "/opt/splunk/etc/apps/TA-Azure_Monitor/bin/azure_activity_log.sh" Modular input azure_activity_log:// No connection on hub: insights-operational-logs. Is there a network route to the endpoint?

I am using Splunk's proxy variable to send traffic through our Squid proxy. Is this compatible with the add-on?

Nothing is getting denied in the proxy - I'm allowing access to login.microsoftonline.com and .vault.azure.net. Python and Nodejs dependencies have been installed as well.

0 Karma
1 Solution

jconger
Splunk Employee
Splunk Employee

This add-on does not support a proxy server directly. The add-on uses AMQP to connect to the Azure event hubs for activity data and diagnostic logs, so setting the HTTP proxy in server.conf doesn't help. Some people have either run the add-on inside of Azure via a heavy forwarder on an Azure VM, or have a heavy forwarder that doesn't need a proxy for an outbound connection.

View solution in original post

jconger
Splunk Employee
Splunk Employee

This add-on does not support a proxy server directly. The add-on uses AMQP to connect to the Azure event hubs for activity data and diagnostic logs, so setting the HTTP proxy in server.conf doesn't help. Some people have either run the add-on inside of Azure via a heavy forwarder on an Azure VM, or have a heavy forwarder that doesn't need a proxy for an outbound connection.

ejwade
Contributor

Thank you, jconger. I'll give it a try without the proxy and report back.

0 Karma

ejwade
Contributor

That was it! Thank you, jconger!

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...