I have a Splunk instance up and running and I have installed an Azure Connector to retrieve Azure audit logs against Azure Government Cloud. I have modified AzureAudit.py on the Splunk server, but I am still getting a message "waiting for Data..." when searching against the data summary.
Because the Splunk connector calls the Azure Insights REST API, is there a way to read log files on these REST API calls to see what is failing? Do connectors in general store log files in /opt/splunk/var/log/splunk? Or maybe a different directory or log file?