- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Re: Azure Event Hubs Connector - Modular Input: Bu...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Azure Event Hubs Connector - Modular Input: Bug detected on version 1.0.1
Hi,
All of your files have ^M at end of the lines. You have to edit or construct your Add-on on Windows Server ?
Splunk Heavy Forwarder crash with that.
Regards
Romux
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This might be helpful for anyone visiting; I have started working on an addon for Azure Event Hubs for Splunk, feel free to use it!
https://splunkbase.splunk.com/app/4343/
regards,
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey @romux,
That is not a bug. As you can see in the Compatibility section, this addon works only on Windows Server instances. Nevertheless I'll be working on make it more os platform compatible.
regards,
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi @romux,
Thanks for posting. Could you give us some more context for your query? You have a much better chance of getting your question answered if you provide more information about your issue. Plus, it will help guide future community users who are facing a similar problem.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
See an extract of input.conf (This is specific of Windows to UNIX format). You need to make dos2unix. All of your file (conf, python script) have escape character ^M
https://unix.stackexchange.com/questions/134695/what-is-the-m-character-called
[azure_event_hubs_capture_logs]**^M**
start_by_shell = false**^M**
sourcetype = eventhubslogs^M
interval = 30^M
disabled = 0^M
^M
Splunk failed to load module because all of your files have this character.
Regards
Romux
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have an Error on splunkd.log
09-17-2018 13:02:52.305 +0200 ERROR AdminManagerExternal - Stack trace from python handler:\nTraceback (most recent call last):\n File "/opt/splunk/lib/python2.7/site-packages/splunk/admin.py", line 130, in init\n hand.execute(info)\n File "/opt/splunk/lib/python2.7/site-packages/splunk/admin.py", line 594, in execute\n if self.requestedAction == ACTION_LIST: self.handleList(confInfo)\n File "/opt/splunk/etc/apps/TA-azure-event-hubs-connector---modular-input/bin/ta_azure_event_hubs_connector_modular_input/splunk_aoblib/rest_migration.py", line 38, in handleList\n AdminExternalHandler.handleList(self, confInfo)\n File "/opt/splunk/etc/apps/TA-azure-event-hubs-connector---modular-input/bin/ta_azure_event_hubs_connector_modular_input/splunktaucclib/rest_handler/admin_external.py", line 40, in wrapper\n for entity in result:\n File "/opt/splunk/etc/apps/TA-azure-event-hubs-connector---modular-input/bin/ta_azure_event_hubs_connector_modular_input/splunktaucclib/rest_handler/handler.py", line 118, in wrapper\n raise RestError(exc.status, exc.message)\nRestError: REST Error [404]: Not Found -- HTTP 404 Not Found -- {"messages":[{"type":"ERROR","text":"Not Found"}]}\n
Enterprise Security Content Update (ESCU) | New Releases
Detecting Remote Code Executions With the Splunk Threat Research Team
Observability | Use Synthetic Monitoring for Website Metadata Verification
