All Apps and Add-ons

Microsoft O365 Email Add-on for Splunk - No data received and getting error

hlog
Splunk Employee
Splunk Employee

Hi All,

My customer want to collect mail transmission/reception logs using the "Microsoft O365 Email Add-on for Splunk" App.

But I have no data received and getting error as below.(I attached the full error logs)

-----------------------------
2021-09-15 11:03:56,355 ERROR pid=50226 tid=MainThread file=base_modinput.py:log_error:309 | Get error when collecting events.
Traceback (most recent call last):
File "/opt/splunk/etc/apps/TA_microsoft_o365_email_add_on_for_splunk/bin/ta_microsoft_o365_email_add_on_for_splunk/aob_py3/modinput_wrapper/base_modinput.py", line 128, in stream_events
self.collect_events(ew)
File "/opt/splunk/etc/apps/TA_microsoft_o365_email_add_on_for_splunk/bin/o365_email.py", line 136, in collect_events
input_module.collect_events(self, ew)
File "/opt/splunk/etc/apps/TA_microsoft_o365_email_add_on_for_splunk/bin/input_module_o365_email.py", line 182, in collect_events
messages.append(messages_response['value'])
KeyError: 'value'
-----------------------------

Thank you in advance.

Best regards,

Bob Hwang

Labels (3)
Tags (3)
0 Karma

sanju2408de
Explorer

Did you get solution for this issue?

I am also facing similar issue wherein it gives below error and no emails are getting ingested into Splunk.

 

2022-02-14 06:28:02,998 ERROR pid=21464 tid=MainThread file=base_modinput.py:log_error:309 | Get error when collecting events.
Traceback (most recent call last):
File "/splunk/etc/apps/TA_microsoft_o365_email_add_on_for_splunk/bin/ta_microsoft_o365_email_add_on_for_splunk/aob_py3/modinput_wrapper/base_modinput.py", line 128, in stream_events
self.collect_events(ew)
File "/splunk/etc/apps/TA_microsoft_o365_email_add_on_for_splunk/bin/o365_email.py", line 136, in collect_events
input_module.collect_events(self, ew)
File "/splunk/etc/apps/TA_microsoft_o365_email_add_on_for_splunk/bin/input_module_o365_email.py", line 182, in collect_events
messages.append(messages_response['value'])
KeyError: 'value'

0 Karma

jzcal
Loves-to-Learn Everything

I started receiving the same errors recently as per above and no data is being ingested in to Splunk. Have you received a solution for this?

I did update to the latest version 2.3.3 thinking that my fix the issue, but it did not.

I also reached out to Splunk support, but since it is not supported, there is not much they can do. 

Thanks

0 Karma
Get Updates on the Splunk Community!

3 Ways to Make OpenTelemetry Even Better

My role as an Observability Specialist at Splunk provides me with the opportunity to work with customers of ...

What's New in Splunk Cloud Platform 9.2.2406?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.2.2406 with many ...

Enterprise Security Content Update (ESCU) | New Releases

In August, the Splunk Threat Research Team had 3 releases of new security content via the Enterprise Security ...