All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Microsoft O365 Email Add-on for Splunk - No data received and getting error

hlog
Splunk Employee
Splunk Employee
‎09-14-2021 11:31 PM

Hi All,

My customer want to collect mail transmission/reception logs using the "Microsoft O365 Email Add-on for Splunk" App.

But I have no data received and getting error as below.(I attached the full error logs)

-----------------------------
2021-09-15 11:03:56,355 ERROR pid=50226 tid=MainThread file=base_modinput.py:log_error:309 | Get error when collecting events.
Traceback (most recent call last):
File "/opt/splunk/etc/apps/TA_microsoft_o365_email_add_on_for_splunk/bin/ta_microsoft_o365_email_add_on_for_splunk/aob_py3/modinput_wrapper/base_modinput.py", line 128, in stream_events
self.collect_events(ew)
File "/opt/splunk/etc/apps/TA_microsoft_o365_email_add_on_for_splunk/bin/o365_email.py", line 136, in collect_events
input_module.collect_events(self, ew)
File "/opt/splunk/etc/apps/TA_microsoft_o365_email_add_on_for_splunk/bin/input_module_o365_email.py", line 182, in collect_events
messages.append(messages_response['value'])
KeyError: 'value'
-----------------------------

Thank you in advance.

Best regards,

Bob Hwang

Labels (3)
Tags (3)
Preview file
2353 KB
0 Karma
Reply

sanju2408de
Explorer
‎02-13-2022 11:10 PM

Did you get solution for this issue?

I am also facing similar issue wherein it gives below error and no emails are getting ingested into Splunk.

 

2022-02-14 06:28:02,998 ERROR pid=21464 tid=MainThread file=base_modinput.py:log_error:309 | Get error when collecting events.
Traceback (most recent call last):
File "/splunk/etc/apps/TA_microsoft_o365_email_add_on_for_splunk/bin/ta_microsoft_o365_email_add_on_for_splunk/aob_py3/modinput_wrapper/base_modinput.py", line 128, in stream_events
self.collect_events(ew)
File "/splunk/etc/apps/TA_microsoft_o365_email_add_on_for_splunk/bin/o365_email.py", line 136, in collect_events
input_module.collect_events(self, ew)
File "/splunk/etc/apps/TA_microsoft_o365_email_add_on_for_splunk/bin/input_module_o365_email.py", line 182, in collect_events
messages.append(messages_response['value'])
KeyError: 'value'

0 Karma
Reply

jzcal
Loves-to-Learn Everything
‎01-04-2023 07:02 AM

I started receiving the same errors recently as per above and no data is being ingested in to Splunk. Have you received a solution for this?

I did update to the latest version 2.3.3 thinking that my fix the issue, but it did not.

I also reached out to Splunk support, but since it is not supported, there is not much they can do. 

Thanks

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability Cloud | Customer Survey!

If you use Splunk Observability Cloud, we invite you to share your valuable insights with us through a brief ...

Happy CX Day, Splunk Community!

Happy CX Day, Splunk Community! CX stands for Customer Experience, and today, October 3rd, is CX Day — a ...

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas

We’re excited to announce a new Splunk certification exam being released at .conf23! If you’re going to Las ...