All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Microsoft O365 Email Add-on for Splunk - No data received and getting error

hlog
Splunk Employee
Splunk Employee
‎09-14-2021 11:31 PM

Hi All,

My customer want to collect mail transmission/reception logs using the "Microsoft O365 Email Add-on for Splunk" App.

But I have no data received and getting error as below.(I attached the full error logs)

-----------------------------
2021-09-15 11:03:56,355 ERROR pid=50226 tid=MainThread file=base_modinput.py:log_error:309 | Get error when collecting events.
Traceback (most recent call last):
File "/opt/splunk/etc/apps/TA_microsoft_o365_email_add_on_for_splunk/bin/ta_microsoft_o365_email_add_on_for_splunk/aob_py3/modinput_wrapper/base_modinput.py", line 128, in stream_events
self.collect_events(ew)
File "/opt/splunk/etc/apps/TA_microsoft_o365_email_add_on_for_splunk/bin/o365_email.py", line 136, in collect_events
input_module.collect_events(self, ew)
File "/opt/splunk/etc/apps/TA_microsoft_o365_email_add_on_for_splunk/bin/input_module_o365_email.py", line 182, in collect_events
messages.append(messages_response['value'])
KeyError: 'value'
-----------------------------

Thank you in advance.

Best regards,

Bob Hwang

Labels (3)
Tags (3)
Preview file
2353 KB
0 Karma
Reply

sanju2408de
Explorer
‎02-13-2022 11:10 PM

Did you get solution for this issue?

I am also facing similar issue wherein it gives below error and no emails are getting ingested into Splunk.

 

2022-02-14 06:28:02,998 ERROR pid=21464 tid=MainThread file=base_modinput.py:log_error:309 | Get error when collecting events.
Traceback (most recent call last):
File "/splunk/etc/apps/TA_microsoft_o365_email_add_on_for_splunk/bin/ta_microsoft_o365_email_add_on_for_splunk/aob_py3/modinput_wrapper/base_modinput.py", line 128, in stream_events
self.collect_events(ew)
File "/splunk/etc/apps/TA_microsoft_o365_email_add_on_for_splunk/bin/o365_email.py", line 136, in collect_events
input_module.collect_events(self, ew)
File "/splunk/etc/apps/TA_microsoft_o365_email_add_on_for_splunk/bin/input_module_o365_email.py", line 182, in collect_events
messages.append(messages_response['value'])
KeyError: 'value'

0 Karma
Reply

jzcal
Loves-to-Learn Everything
‎01-04-2023 07:02 AM

I started receiving the same errors recently as per above and no data is being ingested in to Splunk. Have you received a solution for this?

I did update to the latest version 2.3.3 thinking that my fix the issue, but it did not.

I also reached out to Splunk support, but since it is not supported, there is not much they can do. 

Thanks

0 Karma
Reply
Get Updates on the Splunk Community!

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

At this year’s Splunk University, I had the privilege of chatting with Devesh Logendran, one of the winners in ...

There's No Place Like Chrome and the Splunk Platform

WATCH NOW!Malware. Risky Extensions. Data Exfiltration. End-users are increasingly reliant on browsers to ...

Customer Experience | Join the Customer Advisory Board!

Are you ready to take your Splunk journey to the next level? 🚀 We invite you to join our elite squad ...