All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Has anyone had this Microsoft Office 365 Reporting Mail Add-on for Splunk Login Issue?

tasteless_dove
Engager
‎06-09-2022 11:59 AM

Hi Everyone,

Had a question and apologies in advanced if the topic has already been brought up. We are currently utilizing the Microsoft Office 365 Reporting Mail Add-on for Splunk to ingest message trace logs, but just recently we've been running into consistent 401 unauthorized errors. We've double checked and triple checked that the account used to query the API is not locked and we are able to get results when we manually call the URI:

Invoke-RestMethod -Method GET -Uri "https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MessageTrace?" -Credential $cred

Has anyone run into this issue? If so, would be very appreciated if there would be any feedback as to how it was resolved (or at least a pathway to remediation).


Thank you again

Labels (1)
Labels
0 Karma
Reply

jwalzerpitt
Influencer
‎06-23-2022 07:13 AM

Have you opened a case with Microsoft by any chance as I believe the issue lies with them?

0 Karma
Reply

tasteless_dove
Engager
‎06-23-2022 09:31 AM

Went through a long trial and error period and we got it somewhat stable. For whatever reason, we had to increase our interval from 5 minutes to 10 minutes and lower the delay throttle from 24 hours to 12 hours. We are getting the logs consistently (at least within the 24hour period). Weird the issue decided to start just recently, but at least we are getting logs 🙂

Reply

jwalzerpitt
Influencer
‎06-23-2022 10:07 AM

Thx for the update and for sharing your settings for the add-on / one would think Microsoft would have a better API for message trace logs knowing the importance of those logs

Glad you got it working and hope it stays that way!

0 Karma
Reply

Azmeentun
New Member
‎06-10-2022 04:35 AM

NO, I have Microsoft office 365. it is working very well and does cause any issues for me.I think there is some type of bug in your device. You need to fix that carefully than might be it will work for you.

futbol.JPG

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers,  We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...