When trying to onboard a new CrowdStrike Event Streams log source, I receive authentication errors.
Depending on the specific error message, different fixes may apply:
"Failed to generate access token for clientID": Correct the client ID value.
"Failed to issue access token - Client authentication failed" (e.g., unknown client, no client authentication included, or unsupported authentication method): Correct the secret value.
"Failed to generate access token for customer ID": Correct the member CID, or do not enter a member CID at all (for example, if you fetched your customer ID from your Falcon instance).
If you are seeing a 403 access denied error, please check this knowledge base article for more context: "Error: 403 access denied from Crowdstrike log source"