All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Has anyone had this Microsoft Office 365 Reporting Mail Add-on for Splunk Login Issue?

tasteless_dove
Engager
‎06-09-2022 11:59 AM

Hi Everyone,

Had a question and apologies in advanced if the topic has already been brought up. We are currently utilizing the Microsoft Office 365 Reporting Mail Add-on for Splunk to ingest message trace logs, but just recently we've been running into consistent 401 unauthorized errors. We've double checked and triple checked that the account used to query the API is not locked and we are able to get results when we manually call the URI:

Invoke-RestMethod -Method GET -Uri "https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MessageTrace?" -Credential $cred

Has anyone run into this issue? If so, would be very appreciated if there would be any feedback as to how it was resolved (or at least a pathway to remediation).


Thank you again

Labels (1)
Labels
0 Karma
Reply

jwalzerpitt
Influencer
‎06-23-2022 07:13 AM

Have you opened a case with Microsoft by any chance as I believe the issue lies with them?

0 Karma
Reply

tasteless_dove
Engager
‎06-23-2022 09:31 AM

Went through a long trial and error period and we got it somewhat stable. For whatever reason, we had to increase our interval from 5 minutes to 10 minutes and lower the delay throttle from 24 hours to 12 hours. We are getting the logs consistently (at least within the 24hour period). Weird the issue decided to start just recently, but at least we are getting logs 🙂

Reply

jwalzerpitt
Influencer
‎06-23-2022 10:07 AM

Thx for the update and for sharing your settings for the add-on / one would think Microsoft would have a better API for message trace logs knowing the importance of those logs

Glad you got it working and hope it stays that way!

0 Karma
Reply

Azmeentun
New Member
‎06-10-2022 04:35 AM

NO, I have Microsoft office 365. it is working very well and does cause any issues for me.I think there is some type of bug in your device. You need to fix that carefully than might be it will work for you.

futbol.JPG

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security(ES) 7.3 is approaching the end of support. Get ready for ...

Hi friends!    At Splunk, your product success is our top priority. With Enterprise Security (ES), we're here ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk, and empower your SOC to reach new heights! Duration: 1 hour  Prepare to ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...