We are running Splunk Enterprise 7.0.1
On our Splunk Heavy forwarder we installed and configured "Splunk add-on for Microsoft Cloudservices "(current version 2.0.3)
We stopped receiving any data in Splunk for that add-on as of yesterday evening.
Troubleshooting page for that add-on looks ok. It shows "Certificate Status: Auto-generated and verified as valid"
There are few errors: & warnings in Splunk internal index (sample errors to follow).
Any advices on how to approach this issue and possibly fix it will be appreciated.
Here are patterns of errors and warnings :
1) ...File "/export/opt/splunk/lib/python2.7/ssl.py", line 653, in read v = self._sslobj.read(len) SSLError: ('The read operation timed out',)
source = $SPLUNK_HOME/var/log/splunk/splunk_ta_microsoft-cloudservices_management.log
2) File "/export/opt/splunk/etc/apps/Splunk_TA_microsoft-cloudservices/bin/splunktamscs/httplib2/__init__.py", line 1059, in connect raise SSLHandshakeError(e) SSLHandshakeError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:676)
source = $SPLUNK_HOME/var/log/splunk/splunk_ta_microsoft-cloudservices_management.log
3) Pipeline data does not have indexKey. [_path] = /export/opt/splunk/etc/apps/Splunk_TA_microsoft-cloudservices/bin/ms_o365_management.py\n[_raw] = \n[_meta] = punct::\n[_stmid] = xeoUyu7qLzDHQE\n[MetaData:Source] = source::ms_o365_management\n[MetaData:Host] = host::dc1nix2p69\n[MetaData:Sourcetype] = sourcetype::ms_o365_management\n[_done] = _done\n[_linebreaker] = _linebreaker\n[_conf] = source::ms_o365_management|host::dc1nix2p69|ms_o365_management|\n
sourcet:/export/opt/splunk/var/log/splunk/splunkd.log
Thank you!
↧