OCI Data Connector requires cursor group with static name but is not documented

[PCNZ]

Describe the bug Deploy the Oracle Cloud Infrastructure (OCI) data connector and function app as per the instructions. Function app cannot connect to OCI as the instruction's mis a step - the cursor group name in the OCI stream configuration must be hard coded to be group1. https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Oracle%20Cloud%20Infrastructure/Data%20Connectors/AzureFunctionOCILogs/main.py Within the python script is where the name group1 is hard coded.

To Reproduce Deploy the OCI data connector as per instructions, get errors and function app does not collect logs.

Expected behavior Steps in data connector and guides which mention what the cursor type value should be set to when deploying the function app and prior to this when creating the stream in OCI. Ideally provide a way to specify the cursor group name as a variable for the function app - so it's not hard coded to group1.

Please update these pages with clear instructions. https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Oracle%20Cloud%20Infrastructure/Data%20Connectors/azuredeploy_OCI_logs_API_FunctionApp.json and https://docs.oracle.com/en/learn/oci-logs-ms-azure-sentinel/index.html#introduction

Screenshots Function app, New fields - cursor type and message limit - required but not documented.

Additional context Cursor type was added to the python code around January 2023 but the instructions were not updated.

[github-actions[bot]]

Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.

[v-rbajaj]

Hi @PCNZ, thanks for flagging this, we will get back to you by 17 Oct 2023.

[v-muuppugund]

Hi @PCNZ ,After initial analysis, noticed that the issue exists and will work on issue resolution and ETA is 02Nov23

[v-muuppugund]

Hi @PCNZ , raised PR for it https://github.com/Azure/Azure-Sentinel/pull/9329 and waiting for approval, will update you once done by 06Nov23.

[v-sudkharat]

Hi @PCNZ, Hope you are doing well. The PR review still in progress, we will share an update with you. Once the review is done. Thanks!

[v-muuppugund]

Hi @PCNZ , This PR review still is in progress, we will share an update with you.once the review is done.Thanks!

[v-muuppugund]

@PCNZ The above PR is still under internal review,will post updates by 14Nov23

[v-muuppugund]

@PCNZ The above PR is still under internal review,will post updates by 17Nov23

[v-muuppugund]

@PCNZ ,The above PR is under internal review ,will post updates by 21Nov23

[v-muuppugund]

@PCNZ ,Working on internal review changes ,will get back to you 24Nov23

[v-muuppugund]

@PCNZ Will update you once the PR is completed

[v-muuppugund]

@PCNZ ,just want to update there are review comments for ARM template changes and code changes, so completed the changes, locally testing it, so once done. Will push to live, will keep you updated, Thanks.

[v-muuppugund]

@PCNZ Apologies for the delayed response,will be sharing the package for today eod for testing ,so will proceed with the pushing it

[v-muuppugund]

@PCNZ Apologies for the delayed response,will be sharing the package for today eod for testing ,so will proceed with the pushing it

@PCNZ yesterday didn't get chance to share the package,today will share it

[v-muuppugund]

@PCNZ Apologies for the delayed response,will be sharing the package for today eod for testing ,so will proceed with the pushing it

@PCNZ yesterday didn't get chance to share the package,today will share it

HI @PCNZ , Apologies for delay in my end as blocked with high priority work,Please follow the below steps

1. Please use ARM template (https://github.com/Azure/Azure-Sentinel/blob/users/v-muppugundu/OCIDocumentationupdates/Solutions/Oracle%20Cloud%20Infrastructure/Data%20Connectors/azuredeploy_OCI_logs_API_FunctionApp.json) and enter cursor type as group then Group Name and Group Instance Name mandatory
2. Deploy the new function app with Group instance and Group name created in oracle if needed we can have a call to explain in detail

[v-sudkharat]

Hi @PCNZ, I hope you are doing well. We are waiting for your response on above comment. Thanks!

[v-muuppugund]

Hi @PCNZ , Gentle Reminder,Could you please check on the above steps and share updates,I have scheduled call on Monday for Oracle AMA issue updates,We can discuss on that call,thanks.

[v-muuppugund]

Hi @PCNZ ,I have blocked calendar yesterday ,but unable to connect with you as you have declined ,Will block calendar again for testing this and close it from my end,Thanks.

[v-muuppugund]

Hi @PCNZ ,As discussed over teams, blocked calendar in teams, Please let me know if this time isn't convenient.

[v-muuppugund]

Hi @PCNZ ,as discussed yesterday over call, as you have don't have license and sdk based call,so need to test this package,will test with another customer and will update you once completed.

[v-muuppugund]

@PCNZ , today have a call with another customer who having oracle license ,will update you post the call.

[v-muuppugund]

@PCNZ , tested the issue with the cx i.e. (https://github.com/Azure/Azure-Sentinel/issues/10013) it worked, but unable to proceed to get results as cx having another issue,so will merge this pr with that issue i.e. ((https://github.com/Azure/Azure-Sentinel/issues/10013)),will update you once merged in the same issue,. If you still need support for this issue, feel free to re-open at any time. Thank you for your co-operation!