I am continually getting a 404 Client error for bad request due to the start and end dates being past 7 days. The app works when I Index Once but as soon as I enable continuous monitor and add a day within 7 days from today I get the following error: ExecProcessor - message from "python /opt/splunk/etc/apps/TA-MS_O365_Reporting/bin/ms_o365_message_trace.py" HTTP Request error: 400 Client Error: Bad Request for url: https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MessageTrace?$filter=StartDate%2...'

I have the following settings for the app: Interval=180 Query Window size= 30 Delay throttle=32 and Start date/time= 2019-05-10T09:00:00.

I checked the local directory as well to verify these setting are in the input.conf file.

Why does the error show a date of 2018? Is there another place I should check for the start/end date?

Thanks!