All Apps and Add-ons

Microsoft Office 365 Reporting Add-On for Splunk

New Member

Having a difficult time to get this add-on to actually pull message trace logs from exchange online, and was wondering what role/access the actual account needs to be set at in the exchange admin console? Or maybe I'm just missing something entirely with the configuration of this add-on. Log messages from /opt/splunk/var/log/splunk/ta_ms_o365_reporting_ms_o365_message_trace.log show successful connections & get requests:

 DEBUG pid=31238 tid=MainThread | Starting new HTTPS connection (1):
 DEBUG pid=31238 tid=MainThread | "GET /ecp/reportingwebservice/reporting.svc/MessageTrace?$filter=StartDate%20eq%20datetime'2020-03-11T22:36:43.072002Z'%20and%20EndDate%20eq%20datetime'2020-03-11T23:36:43.072002Z' HTTP/1.1" 200 None
 DEBUG pid=31238 tid=MainThread | Next URL is$filter=StartDate%20eq%20datetime'2020-03-11T22%3A36%3A43.072002Z'%20and%20EndDate%20eq%20datetime'2020-03-11T23%3A36%3A43.072002Z'&$skiptoken=1999
 DEBUG pid=31238 tid=MainThread | Endpoint URL:$filter=StartDate%20eq%20datetime'2020-03-11T22%3A36%3A43.072002Z'%20and%20EndDate%20eq%20datetime'2020-03-11T23%3A36%3A43.072002Z'&$skiptoken=1999
 INFO pid=31238 tid=MainThread | Proxy is not enabled!
0 Karma
Get Updates on the Splunk Community!

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

March Community Office Hours Security Series Uncovered!

Hello Splunk Community! In March, Splunk Community Office Hours spotlighted our fabulous Splunk Threat ...

Stay Connected: Your Guide to April Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars in April. This post ...