Function App Not Bringing Logs into Sentinel

[laylavo]

Describe the bug
We are encountering an issue with their Function App, which is failing to deliver logs to Microsoft Sentinel. They have
five function apps that were initially successfully bringing in logs using theAuth0 Data Connector(ARM template) on Sentinel. However, they recently observed that Sentinel workspace are no longer receiving logs, no logs are presented even though from the Function App which indicates that data is being grabbed and successfully sent to Sentinel.

To Reproduce
Steps to reproduce the behavior:

1. Go to Function App in Azure portal

2. Click on the Function App's name

3. In the navigation bar click on Monitor

4. Click on the newest date to show the Invocation details to see all the logs were successfully sent to Sentinel by April 16, 2014

5. Go to Microsoft Sentinel in Azure portal

6. Select a Sentinel workspace's name

7. In the navigation bar select Content hub

8. Enter Auth0 in the search box

9. Click on Manage

10. Select the checkbox for Auth0 Access Management(using Azure Functions) to see the chart displayed the logs just sent to Sentinel within April 14, 2024.

Expected behavior
We understand that Sentinel workspace can receive the logs from Function apps through Auth0 data connector normally.

Screenshots
Cannot add files or paste the screenshots

Issue investigation:

• We have check the Function app and there is no issue

[v-sudkharat]

Hi @laylavo, Thanks for flagging this issue, we will investigate this issue and get back to you with some updates by 25-04-2024. Thanks!

[v-sudkharat]

Hey, Could you please check the configuration in Auth0 portal side. Please find below readme file for detailed steps:-
https://github.com/Azure/Azure-Sentinel/blob/963275e36e107f09201a8b9ba17192583b68147b/Solutions/Auth0/readme.md

After updating the function app make sure to restart the function app. so changes get reflected.

Thanks!

[laylavo]

Many thanks for the update, I'll monitor it closely and get back to to you with the outcome.

[v-sudkharat]

Hey @laylavo, please let us know once it completed. so, we can close this issue from GitHub. Thanks!

[v-sudkharat]

Hey @laylavo, Any update for us?

[laylavo]

I'm sorry for not updating you promptly. I am pushing and following up but receiving no response since I sent the troubleshooting steps

[laylavo]

I will update you immediately once cx responds the outcome.

[v-sudkharat]

@laylavo, Sure. Thanks!

[v-sudkharat]

@laylavo, Any update for us? Thanks!

[laylavo]

I checking on the issue. Once i have update, I'll keep you posted. Thank you!

[v-sudkharat]

Ok, Noted