Cisco Meraki Events via REST API overutilization and data duplication #10675
Comments
|
Hi @shaunyb93, |
|
@v-rusraut has there been any progress on this issue? |
|
Hi @shaunyb93, Sorry for delay in response. Just want to know, after clicking on disconnect button, the connector status still show as connected? Did you tried it to disconnect the connector by that option? - Thanks! |
|
Hi, Yes I have disconnected the connector as it does not work properly. We are seeing the getOrganizationConfigurationChanges running ~21000 times per hour We are also seeing changes from are being retrieved by the connector using the getOrganizationConfigurationChanges function are duplicated thousands of times in the ASimAuditEventLogs table. Thanks |
|
Any update here? |
|
Hey @shaunyb93, Still checking this issue with team, need some more time to investigate on it. Thanks! |
|
In 24 hours the connector has called the meraki dashboard 700,000 times. It is causing other applications to rate-limit. It is causing rate limiting both with itself and with other applications: |
|
Several events have also been duplicated tens if not hundreds of thousands of times (this is the exact same event with the exact same timestamp, not multiple similar events) just within the last 24 hours. In the last 7 days it's approaching millions of duplicates for some records. @v-sudkharat This needs to be addressed, it is costing us a large amount of wasted ingestion money and this connector is not ready for production, it appears its method of timestamping when the last events had arrived is not operating correctly |
|
@JustinGrote Somewhat relieved that someone else is seeing the same issue. We had to disconnect the connector as it was just going crazy with duplication. The connector is marked as being in a preview state so I presume some bugs are expected but it seems really difficult to get any focus on a fix - 2 months and counting on this ticket... |
|
Hi @JustinGrote and @shaunyb93, We are connecting with our concern team for this issue, and once we get any update from team, we will notify you. Thanks! |
|
@shaunyb93 agreed, I tried to develop a codeless connector but they are such black boxes it's impossible to see what's going on, so I've been authoring an Azure Function to do this same thing instead. |
|
Hi @shaunyb93 / @JustinGrote, We have received the response from our concern team for this issue, to verify the duplication, checking with you while requesting the API directly (using tool: Postman) with adding same definitions as mentioned into data connector like Time, as a result did you get the data duplication? Could you please check on this and let us know, so we can share this update with our team. Thanks! |
|
No duplication from the API, in fact I made my own Azure Function to ingest this same data and it works just fine with no deduplication and vastly less API calls. The team should probably be able to verify by signing up for a Meraki Dashboard emulation account |
|
@JustinGrote, Thanks for the response. We have shared this update to concern team. @shaunyb93 / @JustinGrote, Please let us know once you open a support case. Thanks! |
|
@v-sudkharat can you advise which team we should be raising this with? last time I tried to raise a support case for a Sentinel connector issue, Microsoft (the developer) advised they cannot assist and just point fingers at Cisco... |
|
@v-amolpatil is the one who committed the solution, and has been doing other OMS/AMA migrations in his recent commit history. |
|
Team, we would also like to report experiencing this issue as well. We are seeing 700,000+ requests a day which causes rate limiting issues with the Meraki REST API. Is there an eta on resolution regarding this bug? We are going to have to stop using the data connector until a bug fix is applied as its impacting other apps that are using the Meraki REST API. |
|
Hi @shaunyb93 / @JustinGrote / @mferrellen, Please raise a support case with Data Collection team, so the ticket get transfer to our concern team. Thanks! |
|
Hi @shaunyb93, Could you please confirm did you raise a support case? Thanks! |
|
@v-sudkharat yes |
|
Just found this thread and unhappy to report we're seeing the same thing after just setting this up this morning. @JustinGrote - Any chance you could share that Azure function? I'd love to use that to tide us over until the connector can be fixed. |
|
@Nico-WA I'm exploring with my company on that but it's currently company IP unfortunately. It also does a lot more than just the 3 categories the connector uses, it parses network events for wireless logons, 802.1x logons, eap logons, nbar blocks, cf blocks, and formats them all into ASIM using a DCR, and checkpoints the last log ingested into a blob so that future checks are resumed from that date. Only thing it doesn't do is flows, which we are going to leverage Works great and far less API calls with no duplicate records. In an hour it was only ~800 or so API calls, and any rate limiting issues we were seeing have completely disappeared. So it's absolutely possible once this connector is fixed. |
|
@JustinGrote - Ah, got it. I understand. I may dive into that rabbit hole to do it from scratch. Fun! But I do hope the connector gets resolved sooner rather than later. |
|
Thanks @shaunyb93 for open the case. |
|
Hi everyone, glad i've found something about this connector. I also experience the mentioned issue: Thats roughly 24 hours running the Data-Connector I have a question: |
|
@Weeman257 it uses the new codeless connectors format and the code is on their Github, sadly the codeless connector (which uses the user agent SCUBA which I assume is a MS codename) is very black-box in terms of how it works low-level, that part does not appear to be open source. The only thing you could potentially do here is modify the data collection rule it uses and change the transformKQL to only collect what you want. Note that if a transform rule filters more than 50% of the logs, anything above that it filters you still get billed for. |
|
@JustinGrote Thats why i wanted to modify the queries instead of the Collection Rules :D to only pay for what i want to have. Sad story... So we have to wait on the fix for the duplicate ingestion Maybe i will reach out to our Customer Success Manager from Microsoft to speed things up :D |
|
Literally just got off the phone with Microsoft support about this - sad to report that it doesn't look like they've really even looked into the issue at the moment so wouldn't hold breath on a fix... again, the connector is in a preview state so doubt any priority will be applied to fixing it |
|
I will add some pressure :P |
|
If worse comes to worst I'll discuss with my company for publishing our offering as a marketplace one for a reasonable fee, it works really well. |
|
Hi @JustinGrote / @shaunyb93 / @Weeman257, Thanks! |
|
@v-sudkharat are you referring to this PR #11195 or something internal? |
|
@JustinGrote, Yes, @shaunyb93 / @Weeman257 / @JustinGrote. The solution has been live now, Kindly update your solution and let us know if your issue gets resolve. |
|
Hi @shaunyb93, Could you please confirm the update resolves your issue? |
|
Hi @v-sudkharat |
|
@shaunyb93 , Thanks! |
|
Hi everyone, i still have duplicates:
|
|
One Addition: The Connector maxes out the Calls per Second (10 per second) which leads to a response code of the meraki api (Code [429)] |
|
@Weeman257 have you updated the solution and redeployed the connector as requested by @v-sudkharat ? |
|
Per looking at the PR, that only maybe fixes one of the log sources that I see. We developed our own connector and aren't wasting any more time on this one, until such time it's proven to be functional. |
Hi team
I understand that this connector is in preview but we are facing an issue and would like to report it.
We are seeing the getOrganizationConfigurationChanges running ~21000 times per hour
This is resulting in excess data being logged in ASimWebSessionLogs table
We are also seeing changes from are being retrieved by the connector using the getOrganizationConfigurationChanges function are duplicated thousands of times in the ASimAuditEventLogs table.
Please can we get some help with this - I will likely need to disconnect the connector.
Thank you
The text was updated successfully, but these errors were encountered: