All Apps and Add-ons

Has anyone had this Microsoft Office 365 Reporting Mail Add-on for Splunk Login Issue?

tasteless_dove
Engager

Hi Everyone,

Had a question and apologies in advanced if the topic has already been brought up. We are currently utilizing the Microsoft Office 365 Reporting Mail Add-on for Splunk to ingest message trace logs, but just recently we've been running into consistent 401 unauthorized errors. We've double checked and triple checked that the account used to query the API is not locked and we are able to get results when we manually call the URI:

Invoke-RestMethod -Method GET -Uri "https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MessageTrace?" -Credential $cred

Has anyone run into this issue? If so, would be very appreciated if there would be any feedback as to how it was resolved (or at least a pathway to remediation).


Thank you again

Labels (1)
0 Karma

jwalzerpitt
Influencer

Have you opened a case with Microsoft by any chance as I believe the issue lies with them?

0 Karma

tasteless_dove
Engager

Went through a long trial and error period and we got it somewhat stable. For whatever reason, we had to increase our interval from 5 minutes to 10 minutes and lower the delay throttle from 24 hours to 12 hours. We are getting the logs consistently (at least within the 24hour period). Weird the issue decided to start just recently, but at least we are getting logs 🙂

jwalzerpitt
Influencer

Thx for the update and for sharing your settings for the add-on / one would think Microsoft would have a better API for message trace logs knowing the importance of those logs

Glad you got it working and hope it stays that way!

0 Karma

Azmeentun
New Member

NO, I have Microsoft office 365. it is working very well and does cause any issues for me.I think there is some type of bug in your device. You need to fix that carefully than might be it will work for you.

futbol.JPG

0 Karma
Get Updates on the Splunk Community!

New Dates, New City: Save the Date for .conf25!

Wake up, babe! New .conf25 dates AND location just dropped!! That's right, this year, .conf25 is taking place ...

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...

Observability protocols to know about

Observability protocols define the specifications or formats for collecting, encoding, transporting, and ...