Hi All,
My customer want to collect mail transmission/reception logs using the "Microsoft O365 Email Add-on for Splunk" App.
But I have no data received and getting error as below.(I attached the full error logs)
-----------------------------
2021-09-15 11:03:56,355 ERROR pid=50226 tid=MainThread file=base_modinput.py:log_error:309 | Get error when collecting events.
Traceback (most recent call last):
File "/opt/splunk/etc/apps/TA_microsoft_o365_email_add_on_for_splunk/bin/ta_microsoft_o365_email_add_on_for_splunk/aob_py3/modinput_wrapper/base_modinput.py", line 128, in stream_events
self.collect_events(ew)
File "/opt/splunk/etc/apps/TA_microsoft_o365_email_add_on_for_splunk/bin/o365_email.py", line 136, in collect_events
input_module.collect_events(self, ew)
File "/opt/splunk/etc/apps/TA_microsoft_o365_email_add_on_for_splunk/bin/input_module_o365_email.py", line 182, in collect_events
messages.append(messages_response['value'])
KeyError: 'value'
-----------------------------
Thank you in advance.
Best regards,
Bob Hwang
Did you get solution for this issue?
I am also facing similar issue wherein it gives below error and no emails are getting ingested into Splunk.
2022-02-14 06:28:02,998 ERROR pid=21464 tid=MainThread file=base_modinput.py:log_error:309 | Get error when collecting events.
Traceback (most recent call last):
File "/splunk/etc/apps/TA_microsoft_o365_email_add_on_for_splunk/bin/ta_microsoft_o365_email_add_on_for_splunk/aob_py3/modinput_wrapper/base_modinput.py", line 128, in stream_events
self.collect_events(ew)
File "/splunk/etc/apps/TA_microsoft_o365_email_add_on_for_splunk/bin/o365_email.py", line 136, in collect_events
input_module.collect_events(self, ew)
File "/splunk/etc/apps/TA_microsoft_o365_email_add_on_for_splunk/bin/input_module_o365_email.py", line 182, in collect_events
messages.append(messages_response['value'])
KeyError: 'value'
I started receiving the same errors recently as per above and no data is being ingested in to Splunk. Have you received a solution for this?
I did update to the latest version 2.3.3 thinking that my fix the issue, but it did not.
I also reached out to Splunk support, but since it is not supported, there is not much they can do.
Thanks