1

I'm trying to configure and use the Azure Data Explorer OneClick Ingest from blob container (continous ingest). Whatever I try the URL is never accepted, I always end up with this error: Invalid URL. Either the URL leads to a blob instead of a container, or the permissions are incorrect. If you just grant permission, please wait couple of minutes and try again.

enter image description here

The URL I'm using follow that pattern: https://mystorageaccount.blob.core.windows.net/mycontainer?sp=rl&st=2022-04-26T22:01:42Z&se=2032-04-27T06:01:42Z&spr=https&sv=2020-08-04&sr=c&sig=Z4Mlh7s5%2Fm1890kdfzlkYLSIHHDdGJmTSyYXVYsHdn01o%3D

I'm probably missing something, either in the URL syntax ou SAS generation.

Has anyone successfully used it? Any idea what could be wrong? Thanks

jeromesubs
  • 63
  • 1
  • 7
  • Works like magic. What happens when you try the "Select container" option instead of the "Add URL" option? – David דודו Markovitz Apr 27 '22 at 13:53
  • Same error message.... Is there a requirement on the storage account? I have a std and both are in the same resource group. – jeromesubs Apr 27 '22 at 17:35
  • What is the type of the storage? – David דודו Markovitz Apr 27 '22 at 18:36
  • It's a standard, LRS, General Purpose v2. I also tried to ingest the blob in Python script, and I get this error: Failed to download blob: Access to persistent storage path https://mystorage.blob.core.windows.net/my-container/release-deployments.json' was denied (operation 'BlobPersistentStorageFile.DownloadToFileAsync'). In the script I authenticated with a user assigned managed identity. I gave both the user assigned managed identity and the Adx Cluster Managed Identity, the permission "Blob Storage Data Contrbutor" on the storage container – jeromesubs Apr 27 '22 at 19:03
  • When I tested it earlier today I created the SAS based on the account key – David דודו Markovitz Apr 27 '22 at 19:16
  • Did you generate your SAS URL with List & Read permissions for the required container? – atefsawaed Apr 28 '22 at 12:25
  • Thanks David and atefsawaed, see my solution below :) – jeromesubs Apr 28 '22 at 12:45

1 Answers1

1

I finally found out what was the issue. Probably due to the security in place on my Storage account I had to create in Azure Data Explorer Networking panel, a Managed private enpoint, pointing to my storage resource (and then approve that endpoint in the storage account Networking)

https://learn.microsoft.com/en-us/azure/data-explorer/security-network-managed-private-endpoint-create

jeromesubs
  • 63
  • 1
  • 7