All Apps and Add-ons

Difference with Splunk Add-on for Microsoft Cloud Services

sylbaea
Communicator

Hello,

I just saw the release of Splunk Add-on for Microsoft Office 365. What is the difference with Splunk Add-on for Microsoft Cloud Services. I used to have this one in my environment and does not understand the purpose of the new one ?

1 Solution

jconger
Splunk Employee
Splunk Employee

In short, the Office 365 input in the Splunk Add-on for Microsoft Cloud Services has migrated to its own add-on (the Splunk Add-on for Microsoft Office 365):

  • The Splunk Add-on for Microsoft Cloud Services has an Office 365 Management Activity API input.
  • The Splunk Add-on for Microsoft Office 365 supersedes the MSCS O365 input. There are some improvements too. Check out the migration and new feature section in the docs -> http://docs.splunk.com/Documentation/AddOns/released/MSO365/Releasenotes#Migration
  • Both of the above add-ons focus on activity and operation.
  • The Microsoft Office 365 Reporting Add-on gathers email message trace data (sender, receiver, status, subject line, etc.) The add-on uses the MessageTrace report via the O365 reporting web service. There are multiple reports available via this web service (thus the generic name of the add-on) -> https://msdn.microsoft.com/en-us/library/office/jj984325.aspx#Anchor_4

View solution in original post

dbaldwin_splunk
Splunk Employee
Splunk Employee

Splunk Add-on for Microsoft Office 365 replaces Office 365 modular input within Splunk Add-on for Microsoft Cloud Services. Customers who wish to pull Office 365 management activity events are recommended to disable Office 365 modular input within Splunk Add-on for Microsoft Cloud Services add-on and use Splunk Add-on for Microsoft Office 365 instead.

Note that source types have changed in Splunk Add-on for Microsoft Office 365 and any panels, dashboards, spl, etc will need to be adjusted.

Office 365 modular input is planned to be deprecated in a future release of Splunk Add-on for Microsoft Cloud Services add-on.

sylbaea
Communicator

Thanks a lot for clarification

0 Karma

jconger
Splunk Employee
Splunk Employee

In short, the Office 365 input in the Splunk Add-on for Microsoft Cloud Services has migrated to its own add-on (the Splunk Add-on for Microsoft Office 365):

  • The Splunk Add-on for Microsoft Cloud Services has an Office 365 Management Activity API input.
  • The Splunk Add-on for Microsoft Office 365 supersedes the MSCS O365 input. There are some improvements too. Check out the migration and new feature section in the docs -> http://docs.splunk.com/Documentation/AddOns/released/MSO365/Releasenotes#Migration
  • Both of the above add-ons focus on activity and operation.
  • The Microsoft Office 365 Reporting Add-on gathers email message trace data (sender, receiver, status, subject line, etc.) The add-on uses the MessageTrace report via the O365 reporting web service. There are multiple reports available via this web service (thus the generic name of the add-on) -> https://msdn.microsoft.com/en-us/library/office/jj984325.aspx#Anchor_4

jaxjohnny2000
Builder

The Splunk Add-on for Microsoft Cloud Services documentation still shows the sourcetype ms:o365:management.  

https://docs.splunk.com/Documentation/AddOns/released/MSCloudServices/Sourcetypes

0 Karma

kevinmanson
Explorer

Jason,
Can you also expand on the this new app vs Microsoft Azure Active Directory Reporting Add-on for Splunk https://splunkbase.splunk.com/app/3757/

0 Karma

sylbaea
Communicator

Thanks a lot for clarification and very detailed answer

0 Karma
Get Updates on the Splunk Community!

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...

New Dates, New City: Save the Date for .conf25!

Wake up, babe! New .conf25 dates AND location just dropped!! That's right, this year, .conf25 is taking place ...

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...