All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Configuration page doesn't work for Splunk Add-on for Office 365

stevenjluke
Explorer
‎11-05-2019 12:30 PM

I just install the Splunk Add-on for Microsoft Office 365. The current directions say click on the tenant tab. There isn't once but there is a configuration tab. When I click on the configuration tab all I get is a page with an html link that takes me back to the main splunk page.

The only version I can download is 2.0 which just came out. Is there an issue with the new release? How can I configure a tenant?

Reply

uagrawal_splunk
Splunk Employee
Splunk Employee
‎11-09-2019 07:25 AM

No, there is no issue with the newer version of Splunk Add-On for Office 365.
In the new release, Tenant and Setting pages are restricted to admin only for security concerns. Refer to New features: https://docs.splunk.com/Documentation/AddOns/released/MSO365/Releasenotes
If you want to access the UI of the Tenant and settings page, then you need admin credentials.

Reply

vector_sec
New Member
‎12-02-2019 08:37 PM

I'm signed in as admin and the https://[my splunk hostname]/en-US/app/splunk_ta_o365/configuration page never loads, looking at inspect element all of the JS/HTML files are returning 404s. Running version 2.0.0 of the Add-on and version 7.2.7 of Splunk Enterprise.

Any ideas?

0 Karma
Reply

uagrawal_splunk
Splunk Employee
Splunk Employee
‎12-07-2019 02:14 AM

@vector_sec
The Splunk Add-On for Office 365 consists of a Tenant and Input page where you can do your Configuration.
So I think below link will work for you:
For tenant configuration: https ://[splunk hostname:port]/en-US/app/splunk_ta_o365/tenant
For Input Configuration: https ://[splunk hostname:port]/en-US/app/splunk_ta_o365/input
For logging and proxy settings: https: //[splunk hostname:port]/en-US/app/splunk_ta_o365/settings

0 Karma
Reply

marycordova
SplunkTrust
SplunkTrust
‎11-05-2019 02:18 PM

If you have access to an Azure environment there is a better way to get O365 logs by passing them through Azure than using an API based app: https://answers.splunk.com/answers/678660/how-to-get-logs-from-azure-and-o365-into-splunk.html

@marycordova
0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...