All Apps and Add-ons

No Errors and no logs with Microsoft Office 365 Reporting Add-on for Splunk

poisar
Explorer

Hello,

i have installed the Reporting Add-on and fixed the Error 500. The Add-On is now connecting to Mircosoft and is always going to the next endpoint url.

if i manually open "https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MessageTrace?%5C$filter=StartDat..." -> i am getting logs. 

If i manually open the next Endpoint url -> i am getting logs.

Looks good from my perspective.

 

Still i am getting no data in my index. The index is working, we are getting data in via another addon (sourcetype="o365:management:activity")

 

can anyone assist me in finding the problem?

 

thank you in advance

 

br

Andreas

2020-08-12 08:55:35,493 INFO pid=24279 tid=MainThread file=splunk_rest_client.py:_request_handler:105 | Use HTTP connection pooling
2020-08-12 08:55:35,494 DEBUG pid=24279 tid=MainThread file=binding.py:get:677 | GET request to https://127.0.0.1:8089/servicesNS/nobody/TA-MS_O365_Reporting/storage/collections/config/TA_MS_O365_... (body: {})
2020-08-12 08:55:35,495 DEBUG pid=24279 tid=MainThread file=connectionpool.py:_new_conn:959 | Starting new HTTPS connection (1): 127.0.0.1:8089
2020-08-12 08:55:35,499 DEBUG pid=24279 tid=MainThread file=connectionpool.py:_make_request:437 | https://127.0.0.1:8089 "GET /servicesNS/nobody/TA-MS_O365_Reporting/storage/collections/config/TA_MS_O365_Reporting_checkpointer HTTP/1.1" 200 5516
2020-08-12 08:55:35,500 DEBUG pid=24279 tid=MainThread file=binding.py:new_f:73 | Operation took 0:00:00.006632
2020-08-12 08:55:35,501 DEBUG pid=24279 tid=MainThread file=binding.py:get:677 | GET request to https://127.0.0.1:8089/servicesNS/nobody/TA-MS_O365_Reporting/storage/collections/config/ (body: {'search': 'TA_MS_O365_Reporting_checkpointer', 'offset': 0, 'count': -1})
2020-08-12 08:55:35,504 DEBUG pid=24279 tid=MainThread file=connectionpool.py:_make_request:437 | https://127.0.0.1:8089 "GET /servicesNS/nobody/TA-MS_O365_Reporting/storage/collections/config/?search=TA_MS_O365_Reporting_checkpointer&offset=0&count=-1 HTTP/1.1" 200 7417
2020-08-12 08:55:35,504 DEBUG pid=24279 tid=MainThread file=binding.py:new_f:73 | Operation took 0:00:00.003792
2020-08-12 08:55:35,507 DEBUG pid=24279 tid=MainThread file=binding.py:get:677 | GET request to https://127.0.0.1:8089/servicesNS/nobody/TA-MS_O365_Reporting/storage/collections/data/TA_MS_O365_Re... (body: {})
2020-08-12 08:55:35,510 DEBUG pid=24279 tid=MainThread file=connectionpool.py:_make_request:437 | https://127.0.0.1:8089 "GET /servicesNS/nobody/TA-MS_O365_Reporting/storage/collections/data/TA_MS_O365_Reporting_checkpointer/at_o365_phs_obj_checkpoint HTTP/1.1" 404 140
2020-08-12 08:55:35,511 DEBUG pid=24279 tid=MainThread file=base_modinput.py:log_debug:288 | Start date: 2020-08-07 08:55:35.511356, End date: 2020-08-07 09:55:35.511356
2020-08-12 08:55:35,511 DEBUG pid=24279 tid=MainThread file=base_modinput.py:log_debug:288 | Endpoint URL: https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MessageTrace?\$filter=StartDate eq datetime'2020-08-07T08:55:35.511356Z' and EndDate eq datetime'2020-08-07T09:55:35.511356Z'
2020-08-12 08:55:35,511 INFO pid=24279 tid=MainThread file=setup_util.py:log_info:117 | Proxy is not enabled!
2020-08-12 08:55:35,513 DEBUG pid=24279 tid=MainThread file=connectionpool.py:_new_conn:959 | Starting new HTTPS connection (1): reports.office365.com:443
2020-08-12 08:55:37,001 DEBUG pid=24279 tid=MainThread file=connectionpool.py:_make_request:437 | https://reports.office365.com:443 "GET /ecp/reportingwebservice/reporting.svc/MessageTrace?%5C$filter=StartDate%20eq%20datetime'2020-08-07T08:55:35.511356Z'%20and%20EndDate%20eq%20datetime'2020-08-07T09:55:35.511356Z' HTTP/1.1" 200 None
2020-08-12 08:55:37,116 DEBUG pid=24279 tid=MainThread file=base_modinput.py:log_debug:288 | Next URL is https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MessageTrace?$skiptoken=1999
2020-08-12 08:55:37,117 DEBUG pid=24279 tid=MainThread file=base_modinput.py:log_debug:288 | Endpoint URL: https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MessageTrace?$skiptoken=1999
2020-08-12 08:55:37,117 INFO pid=24279 tid=MainThread file=setup_util.py:log_info:117 | Proxy is not enabled!
2020-08-12 08:55:37,118 DEBUG pid=24279 tid=MainThread file=connectionpool.py:_new_conn:959 | Starting new HTTPS connection (1): reports.office365.com:443
2020-08-12 08:55:38,633 DEBUG pid=24279 tid=MainThread file=connectionpool.py:_make_request:437 | https://reports.office365.com:443 "GET /ecp/reportingwebservice/reporting.svc/MessageTrace?$skiptoken=1999 HTTP/1.1" 200 None
2020-08-12 08:55:38,745 DEBUG pid=24279 tid=MainThread file=base_modinput.py:log_debug:288 | Next URL is https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MessageTrace?$skiptoken=3999
2020-08-12 08:55:38,745 DEBUG pid=24279 tid=MainThread file=base_modinput.py:log_debug:288 | Endpoint URL: https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MessageTrace?$skiptoken=3999
2020-08-12 08:55:38,746 INFO pid=24279 tid=MainThread file=setup_util.py:log_info:117 | Proxy is not enabled!

Labels (1)
0 Karma

dagar_ruralking
Loves-to-Learn

I was having an issue with this as well, till I searched further back in the past.  I am running into a problem with the Time stamp not getting the Received time.  I am looking in the props.conf to see if I can fix it.

0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...