Solved: Microsoft Office 365 Reporting Add-on for Splunk -...

4A616D6573 · ‎11-20-2018

Hi all,

I'm trying to setup this Add-on but appear to be having issues, I've configured an Office 365 with the following permissions (View-Only Recipients) but I'm receiving the following error:

2018-11-21 08:27:56,809 ERROR pid=2942 tid=MainThread file=base_modinput.py:log_error:307 | HTTP Request error: 404 Client Error: Not Found for url: hxxps://reports[.]office365[.]com/ecp/reportingwebservice/reporting.svc/MessageTrace?$filter=StartDate%20eq%20datetime'2018-11-16T08:27:54.943081Z'%20and%20EndDate%20eq%20datetime'2018-11-16T09:27:54.943081Z'

I've tried setting the add-on input to Index Once and also checked that the Office 365 account doesn't have MFA enabled.

Any ideas?

4A616D6573 · ‎11-28-2018

Turns out I was the villain all along. I had assigned to View-Only Recipients role in the Security & Compliance Centre instead of Exchange Admin Centre.

View solution in original post

4A616D6573 · ‎11-28-2018

Turns out I was the villain all along. I had assigned to View-Only Recipients role in the Security & Compliance Centre instead of Exchange Admin Centre.

Microsoft Office 365 Reporting Add-on for Splunk - HTTP Request Error Not Found for URL

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

Join the Conversation