This repository has been archived by the owner on Nov 16, 2023. It is now read-only.
This repository has been archived by the owner on Nov 16, 2023. It is now read-only.
Unable to get Azure Activity Log and Azure Diagnostic Logs #29
Comments
|
The problem seems to be related to splunklib not being available in your python sitepackages folder. Can you do an 'ls' in your 'dist-packages and 'site-packages' folder of python and paste it here. |
|
I would agree. There's a PR working its way through validation that changes how python dependencies for the logs code works, but the python dependencies remain unchanged. At this time, the python deps are copied into the node bin/app folder. |
|
I haven't thoroughly debugged this, but investigation with another user yielded a workaround: copy the splunklib folder from bin to bin/app. |
|
Hello, I did what you have indicated, but I still have that error, is there anything else I can do? Help, please!! |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
I spin up a Splunk Enterprise in Azure and followed the steps (Azure configuration and Splunk configuration) but I'm unable to get Azure Activity Log and Azure Diagnostic Logs.
seeing the following errors in splunkd logs,
4/20/18
7:59:16.210 PM
04-20-2018 19:59:16.210 +0000 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/TA-Azure_Monitor/bin/azure_diagnostic_logs.sh" ImportError: No module named splunklib.client
host = standalone-vm source = /opt/splunk/var/log/splunk/splunkd.log sourcetype = splunkd
4/20/18
7:59:16.210 PM
04-20-2018 19:59:16.210 +0000 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/TA-Azure_Monitor/bin/azure_diagnostic_logs.sh" import splunklib.client as client
host = standalone-vm source = /opt/splunk/var/log/splunk/splunkd.log sourcetype = splunkd
4/20/18
7:59:16.210 PM
04-20-2018 19:59:16.210 +0000 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/TA-Azure_Monitor/bin/azure_diagnostic_logs.sh" File "mask_secret.py", line 31, in
host = standalone-vm source = /opt/splunk/var/log/splunk/splunkd.log sourcetype = splunkd
4/20/18
7:59:14.252 PM
04-20-2018 19:59:14.252 +0000 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/TA-Azure_Monitor/bin/azure_activity_log.sh" ImportError: No module named splunklib.client
host = standalone-vm source = /opt/splunk/var/log/splunk/splunkd.log sourcetype = splunkd
4/20/18
7:59:14.252 PM
04-20-2018 19:59:14.252 +0000 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/TA-Azure_Monitor/bin/azure_activity_log.sh" import splunklib.client as client
host = standalone-vm source = /opt/splunk/var/log/splunk/splunkd.log sourcetype = splunkd
4/20/18
7:59:14.252 PM
04-20-2018 19:59:14.252 +0000 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/TA-Azure_Monitor/bin/azure_activity_log.sh" File "mask_secret.py", line 31, in
The text was updated successfully, but these errors were encountered: