All Apps and Add-ons

Microsoft Office 365 Reporting Add-On for Splunk

New Member

Having a difficult time to get this add-on to actually pull message trace logs from exchange online, and was wondering what role/access the actual account needs to be set at in the exchange admin console? Or maybe I'm just missing something entirely with the configuration of this add-on. Log messages from /opt/splunk/var/log/splunk/ta_ms_o365_reporting_ms_o365_message_trace.log show successful connections & get requests:

 DEBUG pid=31238 tid=MainThread | Starting new HTTPS connection (1):
 DEBUG pid=31238 tid=MainThread | "GET /ecp/reportingwebservice/reporting.svc/MessageTrace?$filter=StartDate%20eq%20datetime'2020-03-11T22:36:43.072002Z'%20and%20EndDate%20eq%20datetime'2020-03-11T23:36:43.072002Z' HTTP/1.1" 200 None
 DEBUG pid=31238 tid=MainThread | Next URL is$filter=StartDate%20eq%20datetime'2020-03-11T22%3A36%3A43.072002Z'%20and%20EndDate%20eq%20datetime'2020-03-11T23%3A36%3A43.072002Z'&$skiptoken=1999
 DEBUG pid=31238 tid=MainThread | Endpoint URL:$filter=StartDate%20eq%20datetime'2020-03-11T22%3A36%3A43.072002Z'%20and%20EndDate%20eq%20datetime'2020-03-11T23%3A36%3A43.072002Z'&$skiptoken=1999
 INFO pid=31238 tid=MainThread | Proxy is not enabled!
0 Karma
Get Updates on the Splunk Community!

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...

Reminder! Splunk Love Promo: $25 Visa Gift Card for Your Honest SOAR Review With ...

We recently launched our first Splunk Love Special, and it's gone phenomenally well, so we're doing it again, ...