topic Exchange Online Logs in Splunk in Splunk Enterprise Security https://community.splunk.com/t5/Splunk-Enterprise-Security/Exchange-Online-Logs-in-Splunk/m-p/756077#M12777 <P>Hi,</P><P>&nbsp;</P><P>I would like to use Splunk to gather email metrics. For example, what email was send, to whom, whether it had an attachment, size of email and/or attachment. Seems like the O365 logs are pretty bad. E.g. The send activity doesn't even capture the recipient. Has anyone had any luck capturing this data? Appreciate any help you can provide.</P><P>&nbsp;</P><P>Thanks,</P><P>Rich</P> Tue, 02 Dec 2025 16:03:12 GMT ringo227 2025-12-02T16:03:12Z Exchange Online Logs in Splunk https://community.splunk.com/t5/Splunk-Enterprise-Security/Exchange-Online-Logs-in-Splunk/m-p/756077#M12777 <P>Hi,</P><P>&nbsp;</P><P>I would like to use Splunk to gather email metrics. For example, what email was send, to whom, whether it had an attachment, size of email and/or attachment. Seems like the O365 logs are pretty bad. E.g. The send activity doesn't even capture the recipient. Has anyone had any luck capturing this data? Appreciate any help you can provide.</P><P>&nbsp;</P><P>Thanks,</P><P>Rich</P> Tue, 02 Dec 2025 16:03:12 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/Exchange-Online-Logs-in-Splunk/m-p/756077#M12777 ringo227 2025-12-02T16:03:12Z Re: Exchange Online Logs in Splunk https://community.splunk.com/t5/Splunk-Enterprise-Security/Exchange-Online-Logs-in-Splunk/m-p/756181#M12783 <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/314559">@ringo227</a>&nbsp;- Only way currently available on Splunkbase to collect the email logs is with Office 365 Add-on.</P><P><A href="https://splunk.github.io/splunk-add-on-for-microsoft-office-365/ConfigureMessageTraceInput/" target="_blank">https://splunk.github.io/splunk-add-on-for-microsoft-office-365/ConfigureMessageTraceInput/</A></P><P><A href="https://splunkbase.splunk.com/app/4055" target="_blank">https://splunkbase.splunk.com/app/4055</A>&nbsp;</P><P>&nbsp;</P><P>I hope this helps!!!</P> Thu, 04 Dec 2025 17:32:22 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/Exchange-Online-Logs-in-Splunk/m-p/756181#M12783 VatsalJagani 2025-12-04T17:32:22Z