- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Re: Splunk Add-on for Microsoft Cloud Services: Wh...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Running Splunk Add-on for Microsoft Cloud Services v 2.0.1.1
The directories underneath, var/lib/splunk/modinputs/ that are being written to by this Technology Add-on are not cleaning themselves up.
Does this get fixed in 2.1?
The performance of my heavy forwarder running this TA is very, very poor.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
According to support, this appears to be a known issue, although there is no information as to when a fix will be available nor any recommended best practices for manually maintaining the integrity of the instance running the TA.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ok so to the other 20 folks following this question vainly hoping that something is going to happen, what are people doing to work around this? Is this a minor nuisance for most folks or actually a big deal for anyone? Any other gotchas with this aside from the logging verbosity?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There's been no workaround by either Splunk or Microsoft ... so, I've just implemented a job to remove everything over 2 days old under the Azure related modinputs directories and run it every 4 hours.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you do see this issue please raise a support case and reference internal splunk bug number ADDON-12867 to get an update
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There's feature enhancement request raised under ADDON-14309
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@vhallan_splunk is this for tracking purposes to determine whether or not this is worth fixing? Because spoiler alert, it is. When I was asking above about whether or not this was a major issue, I hadn't seen that due to the way it works, if you delete files, you reingest the blobs they corresponded to. If you don't delete files and you have people who just basically spray sh!t into blob storage, you end up bringing pretty much any filesystem to a grinding halt (NTFS dies early, but even Ext-4 doesn't like 4M+ files in a single directory!) Also, in the worst case, ingest starts looping even when you take the hit and don't delete the files.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
According to support, this appears to be a known issue, although there is no information as to when a fix will be available nor any recommended best practices for manually maintaining the integrity of the instance running the TA.
Detecting Remote Code Executions With the Splunk Threat Research Team
Observability | Use Synthetic Monitoring for Website Metadata Verification
More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk
