New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Function App Not Bringing Logs into Sentinel #10343
Comments
Hi @laylavo, Thanks for flagging this issue, we will investigate this issue and get back to you with some updates by 25-04-2024. Thanks! |
Hey, Could you please check the configuration in Auth0 portal side. Please find below readme file for detailed steps:- After updating the function app make sure to restart the function app. so changes get reflected. Thanks! |
Many thanks for the update, I'll monitor it closely with cx and get back to to you with the outcome. |
Hey @laylavo, please let us know once it completed. so, we can close this issue from GitHub. Thanks! |
Hey @laylavo, Any update for us? |
I'm sorry for not updating you promptly. I am pushing and following up but receiving no response from cus since I sent them the troubleshooting steps |
I will update you immediately once cx responds the outcome. |
@laylavo, Sure. Thanks! |
Describe the bug
The customer is encountering an issue with their Function App, which is failing to deliver logs to Microsoft Sentinel. They have
five function apps that were initially successfully bringing in logs using theAuth0 Data Connector(ARM template) on Sentinel. However, they recently observed that Sentinel workspace are no longer receiving logs, no logs are presented even though from the Function App which indicates that data is being grabbed and successfully sent to Sentinel.
To Reproduce
Steps to reproduce the behavior:
Go to Function App in Azure portal
Click on the Function App's name
In the navigation bar click on Monitor
Click on the newest date to show the Invocation details to see all the logs were successfully sent to Sentinel by April 16, 2014
Go to Microsoft Sentinel in Azure portal
Select a Sentinel workspace's name
In the navigation bar select Content hub
Enter Auth0 in the search box
Click on Manage
Select the checkbox for Auth0 Access Management(using Azure Functions) to see the chart displayed the logs just sent to Sentinel within April 14, 2024.
Expected behavior
Customer expects that Sentinel workspace can receive the logs from Function apps through Auth0 data connector normally.
Screenshots
Cannot add files or paste the screenshots
Issue investigation:
+I have checked on ASC to check ingestion delays but it also showed the logs flowing into sentinel by 2024-04-14.
The text was updated successfully, but these errors were encountered: