Hi Michael,
Here are the anonymized contents of /opt/splunk/var/log/splunk/ta_oms_inputs_oms_inputs.log with debug logging enabled for the add-on:
2018-xx-xx xx:28:33,494 INFO pid=36937 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1
2018-xx-xx xx:28:35,251 INFO pid=36937 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1
2018-xx-xx xx:28:38,184 INFO pid=36937 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1
2018-xx-xx xx:28:41,160 INFO pid=36937 tid=MainThread file=splunk_rest_client.py:_request_handler:100 | Use HTTP connection pooling
2018-xx-xx xx:28:41,160 DEBUG pid=36937 tid=MainThread file=binding.py:get:664 | GET request to https://127.0.0.1:8089/servicesNS/nobody/TA-OMS_Inputs/storage/collections/config/TA_OMS_Inputs_checkpointer (body: {})
2018-xx-xx xx:28:41,161 INFO pid=36937 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1
2018-xx-xx xx:28:41,171 DEBUG pid=36937 tid=MainThread file=connectionpool.py:_make_request:387 | "GET /servicesNS/nobody/TA-OMS_Inputs/storage/collections/config/TA_OMS_Inputs_checkpointer HTTP/1.1" 200 5526
2018-xx-xx xx:28:41,172 DEBUG pid=36937 tid=MainThread file=binding.py:new_f:71 | Operation took 0:00:00.011681
2018-xx-xx xx:28:41,172 DEBUG pid=36937 tid=MainThread file=binding.py:get:664 | GET request to https://127.0.0.1:8089/servicesNS/nobody/TA-OMS_Inputs/storage/collections/config/ (body: {'offset': 0, 'search': 'TA_OMS_Inputs_checkpointer', 'count': -1})
2018-xx-xx xx:28:41,175 DEBUG pid=36937 tid=MainThread file=connectionpool.py:_make_request:387 | "GET /servicesNS/nobody/TA-OMS_Inputs/storage/collections/config/?offset=0&search=TA_OMS_Inputs_checkpointer&count=-1 HTTP/1.1" 200 4724
2018-xx-xx xx:28:41,177 DEBUG pid=36937 tid=MainThread file=binding.py:new_f:71 | Operation took 0:00:00.005082
2018-xx-xx xx:28:41,179 DEBUG pid=36937 tid=MainThread file=binding.py:get:664 | GET request to https://127.0.0.1:8089/servicesNS/nobody/TA-OMS_Inputs/storage/collections/data/TA_OMS_Inputs_checkpointer/last_date (body: {})
2018-xx-xx xx:28:41,181 DEBUG pid=36937 tid=MainThread file=connectionpool.py:_make_request:387 | "GET /servicesNS/nobody/TA-OMS_Inputs/storage/collections/data/TA_OMS_Inputs_checkpointer/last_date HTTP/1.1" 404 140
2018-xx-xx xx:28:41,192 DEBUG pid=36937 tid=MainThread file=log.py:debug:108 | xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx - Authority:Performing instance discovery: https://login.microsoftonline.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
2018-xx-xx xx:28:41,192 DEBUG pid=36937 tid=MainThread file=log.py:debug:108 | xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx - Authority:Performing static instance discovery
2018-xx-xx xx:28:41,192 DEBUG pid=36937 tid=MainThread file=log.py:debug:108 | xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx - Authority:Authority validated via static instance discovery
2018-xx-xx xx:28:41,193 INFO pid=36937 tid=MainThread file=log.py:info:103 | xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx - TokenRequest:Getting token with client credentials.
2018-xx-xx xx:28:41,193 DEBUG pid=36937 tid=MainThread file=log.py:debug:108 | xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx - TokenRequest:No user_id passed for cache query
2018-xx-xx xx:28:41,193 DEBUG pid=36937 tid=MainThread file=log.py:debug:108 | xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx - OAuth2Client:finding with query: {"_clientId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"}
2018-xx-xx xx:28:41,193 DEBUG pid=36937 tid=MainThread file=log.py:debug:108 | xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx - OAuth2Client:Looking for potential cache entries:
2018-xx-xx xx:28:41,193 DEBUG pid=36937 tid=MainThread file=log.py:debug:108 | xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx - OAuth2Client:{"_clientId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"}
2018-xx-xx xx:28:41,193 DEBUG pid=36937 tid=MainThread file=log.py:debug:108 | xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx - OAuth2Client:Found 0 potential entries.
2018-xx-xx xx:28:41,207 DEBUG pid=36937 tid=MainThread file=connectionpool.py:_new_conn:809 | Starting new HTTPS connection (1): login.microsoftonline.com
2018-xx-xx xx:28:41,383 DEBUG pid=36937 tid=MainThread file=connectionpool.py:_make_request:400 | https://login.microsoftonline.com:443 "POST /xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/oauth2/token?api-version=1.0 HTTP/1.1" 200 1376
2018-xx-xx xx:28:41,386 INFO pid=36937 tid=MainThread file=log.py:info:103 | xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx - OAuth2Client:Get Token Server returned this correlation_id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
2018-xx-xx xx:28:41,387 DEBUG pid=36937 tid=MainThread file=log.py:debug:108 | xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx - OAuth2Client:Adding entry AccessTokenId: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
2018-xx-xx xx:28:41,391 DEBUG pid=36937 tid=MainThread file=log.py:debug:108 | xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx - OAuth2Client:Added entry is MRRT
2018-xx-xx xx:28:41,393 DEBUG pid=36937 tid=MainThread file=connectionpool.py:_new_conn:809 | Starting new HTTPS connection (1): management.azure.com
2018-xx-xx xx:28:43,433 DEBUG pid=36937 tid=MainThread file=connectionpool.py:_make_request:400 | https://management.azure.com:443 "POST /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/x-xxx-xx-xxxx-xxx-xx/providers/Microsoft.OperationalInsights/workspaces/xxxxxx-xxx-xxxxx/search?api-version=2017-04-26-preview HTTP/1.1" 200 None
2018-xx-xx xx:28:43,465 DEBUG pid=36937 tid=MainThread file=base_modinput.py:log_debug:286 | OMSInputName="PCEtest" status="200" step="Post Query" search_params="{'start': '2018-xx-xxT00:00:00', 'top': '1000', 'query': 'Type=xxxxxxxxx', 'end': '2018-xx-xxTxx:28:41'}'
2018-xx-xx xx:28:43,619 ERROR pid=36937 tid=MainThread file=base_modinput.py:log_error:307 | Get error when collecting events.
Traceback (most recent call last):
  File "/opt/splunk/etc/apps/TA-OMS_Inputs/bin/ta_oms_inputs/modinput_wrapper/base_modinput.py", line 127, in stream_events
    self.collect_events(ew)
  File "/opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py", line 96, in collect_events
    input_module.collect_events(self, ew)
  File "/opt/splunk/etc/apps/TA-OMS_Inputs/bin/input_module_oms_inputs.py", line 108, in collect_events
    event = Event()
NameError: global name 'Event' is not defined