I am continually getting a 404 Client error for bad request due to the start and end dates being past 7 days. The app works when I Index Once but as soon as I enable continuous monitor and add a day within 7 days from today I get the following error: ExecProcessor - message from "python /opt/splunk/etc/apps/TA-MS_O365_Reporting/bin/ms_o365_message_trace.py" HTTP Request error: 400 Client Error: Bad Request for url: https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MessageTrace?$filter=StartDate%2...'
I have the following settings for the app: Interval=180 Query Window size= 30 Delay throttle=32 and Start date/time= 2019-05-10T09:00:00.
I checked the local directory as well to verify these setting are in the input.conf file.
Why does the error show a date of 2018? Is there another place I should check for the start/end date?
Thanks!
We had to create another Input to resolve the issue. However, using the clone feature migrated the issue over to the cloned input as well so while the new input contains the same information it had to be built manually.
We had to create another Input to resolve the issue. However, using the clone feature migrated the issue over to the cloned input as well so while the new input contains the same information it had to be built manually.
Have you found a solution to this? We are having major issues with our inputs randomly stopping as well. I'm seeing a lot of 400 Client Errors.