https://community.splunk.com/t5/Getting-Data-In/Data-fields-in-Microsoft-Office-365-Reporting-Add-on-for-Splunk/m-p/583400#M102787 <P class="lia-align-left">Hi,</P><P class="lia-align-left">I have created an app in Azure given the permissions to the Office 365 management activity API and also created the Microsoft Office 365 Reporting Add-on in&nbsp;Splunk. The results when searching is not covering the fields i want. I want to get the subject of the email which Defender for O365 has triggered an alert on. Is the API sending the data? If yes, where is the fields stuck?</P><P class="lia-align-left">Br,</P><P class="lia-align-left">Robar</P> Wed, 02 Feb 2022 14:21:25 GMT robar_ismail97 2022-02-02T14:21:25Z https://community.splunk.com/t5/Getting-Data-In/Data-fields-in-Microsoft-Office-365-Reporting-Add-on-for-Splunk/m-p/583400#M102787 <P class="lia-align-left">Hi,</P><P class="lia-align-left">I have created an app in Azure given the permissions to the Office 365 management activity API and also created the Microsoft Office 365 Reporting Add-on in&nbsp;Splunk. The results when searching is not covering the fields i want. I want to get the subject of the email which Defender for O365 has triggered an alert on. Is the API sending the data? If yes, where is the fields stuck?</P><P class="lia-align-left">Br,</P><P class="lia-align-left">Robar</P> Wed, 02 Feb 2022 14:21:25 GMT https://community.splunk.com/t5/Getting-Data-In/Data-fields-in-Microsoft-Office-365-Reporting-Add-on-for-Splunk/m-p/583400#M102787 robar_ismail97 2022-02-02T14:21:25Z