Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Duplicate logs with GitHub API data ingestions #11404

Open
l-koppuravuri-BL opened this issue Nov 8, 2024 · 7 comments
Open

Duplicate logs with GitHub API data ingestions #11404

l-koppuravuri-BL opened this issue Nov 8, 2024 · 7 comments
Assignees
@v-rusraut @v-sudkharat
Labels
Connector Connector specialty review needed

Comments

@l-koppuravuri-BL
Copy link

Describe the bug
We tried using function apps and logic apps to ingest GitHub data to Sentinel, and we found that both solutions were producing duplicate data. We wanted to make sure before looking into the code to see if this was a known problem or if there were any imitations.

To Reproduce
Steps to reproduce the behavior:
1As mentioned in the documentation, deployed solutions and updated orgs , lastjobruntime.json files. jobs running with default schedule of 10 minutes.

Expected behavior
should not see the duplicate logs.

Screenshots
Image
@l-koppuravuri-BL
Copy link
Author

I have already looked into issue # #9356, but the solution offered has not helped because I am already using an org.json file with the new structure and do not see any rate limits.

@v-rusraut v-rusraut added the Connector Connector specialty review needed label Nov 11, 2024
@v-rusraut
Copy link
Contributor

Hi @l-koppuravuri-BL , Thanks for flagging this issue, we will investigate this issue and get back to you with some updates. Thanks!

@v-sudkharat
Copy link
Contributor

@l-koppuravuri-BL, you are using this data connector to pull the data ? - https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/GithubFunction

And Is there any other connector configured and pointing out to the same workspace?

@l-koppuravuri-BL
Copy link
Author

l-koppuravuri-BL commented Nov 12, 2024
edited
Loading

@v-sudkharat No additional connectors are configured on this workspace.

@onyigbo
Copy link

onyigbo commented Nov 12, 2024

In the logic app step where you have the API url, were you able to specific the time interval and format (start and end time, some might want ISO format) based on Github documentation on how the API should be used?

@v-sudkharat
Copy link
Contributor

@l-koppuravuri-BL, Could you please confirm this connector has been configured - https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/GithubFunction

Or please let us know if any logic app has been set into env mentioned in above comment. Thanks!

@l-koppuravuri-BL
Copy link
Author

@v-sudkharat We have set up connectors based on both logic apps and function apps, and we have observed that they behave in the same way.

Since both connectors report to distinct log analytics workspaces, there should not be any conflicts or duplicate logs.

@onyigbo : I am not sure to whom you are addressing the time interval question, but I have not set it up that way and did not notice any input parameters during deployment. Image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@v-rusraut v-rusraut

@v-sudkharat v-sudkharat

Labels
Connector Connector specialty review needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@l-koppuravuri-BL @v-rusraut @v-sudkharat @onyigbo