All Apps and Add-ons

No Errors and no logs with Microsoft Office 365 Reporting Add-on for Splunk

poisar
Explorer

Hello,

i have installed the Reporting Add-on and fixed the Error 500. The Add-On is now connecting to Mircosoft and is always going to the next endpoint url.

if i manually open "https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MessageTrace?%5C$filter=StartDat..." -> i am getting logs. 

If i manually open the next Endpoint url -> i am getting logs.

Looks good from my perspective.

 

Still i am getting no data in my index. The index is working, we are getting data in via another addon (sourcetype="o365:management:activity")

 

can anyone assist me in finding the problem?

 

thank you in advance

 

br

Andreas

2020-08-12 08:55:35,493 INFO pid=24279 tid=MainThread file=splunk_rest_client.py:_request_handler:105 | Use HTTP connection pooling
2020-08-12 08:55:35,494 DEBUG pid=24279 tid=MainThread file=binding.py:get:677 | GET request to https://127.0.0.1:8089/servicesNS/nobody/TA-MS_O365_Reporting/storage/collections/config/TA_MS_O365_... (body: {})
2020-08-12 08:55:35,495 DEBUG pid=24279 tid=MainThread file=connectionpool.py:_new_conn:959 | Starting new HTTPS connection (1): 127.0.0.1:8089
2020-08-12 08:55:35,499 DEBUG pid=24279 tid=MainThread file=connectionpool.py:_make_request:437 | https://127.0.0.1:8089 "GET /servicesNS/nobody/TA-MS_O365_Reporting/storage/collections/config/TA_MS_O365_Reporting_checkpointer HTTP/1.1" 200 5516
2020-08-12 08:55:35,500 DEBUG pid=24279 tid=MainThread file=binding.py:new_f:73 | Operation took 0:00:00.006632
2020-08-12 08:55:35,501 DEBUG pid=24279 tid=MainThread file=binding.py:get:677 | GET request to https://127.0.0.1:8089/servicesNS/nobody/TA-MS_O365_Reporting/storage/collections/config/ (body: {'search': 'TA_MS_O365_Reporting_checkpointer', 'offset': 0, 'count': -1})
2020-08-12 08:55:35,504 DEBUG pid=24279 tid=MainThread file=connectionpool.py:_make_request:437 | https://127.0.0.1:8089 "GET /servicesNS/nobody/TA-MS_O365_Reporting/storage/collections/config/?search=TA_MS_O365_Reporting_checkpointer&offset=0&count=-1 HTTP/1.1" 200 7417
2020-08-12 08:55:35,504 DEBUG pid=24279 tid=MainThread file=binding.py:new_f:73 | Operation took 0:00:00.003792
2020-08-12 08:55:35,507 DEBUG pid=24279 tid=MainThread file=binding.py:get:677 | GET request to https://127.0.0.1:8089/servicesNS/nobody/TA-MS_O365_Reporting/storage/collections/data/TA_MS_O365_Re... (body: {})
2020-08-12 08:55:35,510 DEBUG pid=24279 tid=MainThread file=connectionpool.py:_make_request:437 | https://127.0.0.1:8089 "GET /servicesNS/nobody/TA-MS_O365_Reporting/storage/collections/data/TA_MS_O365_Reporting_checkpointer/at_o365_phs_obj_checkpoint HTTP/1.1" 404 140
2020-08-12 08:55:35,511 DEBUG pid=24279 tid=MainThread file=base_modinput.py:log_debug:288 | Start date: 2020-08-07 08:55:35.511356, End date: 2020-08-07 09:55:35.511356
2020-08-12 08:55:35,511 DEBUG pid=24279 tid=MainThread file=base_modinput.py:log_debug:288 | Endpoint URL: https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MessageTrace?\$filter=StartDate eq datetime'2020-08-07T08:55:35.511356Z' and EndDate eq datetime'2020-08-07T09:55:35.511356Z'
2020-08-12 08:55:35,511 INFO pid=24279 tid=MainThread file=setup_util.py:log_info:117 | Proxy is not enabled!
2020-08-12 08:55:35,513 DEBUG pid=24279 tid=MainThread file=connectionpool.py:_new_conn:959 | Starting new HTTPS connection (1): reports.office365.com:443
2020-08-12 08:55:37,001 DEBUG pid=24279 tid=MainThread file=connectionpool.py:_make_request:437 | https://reports.office365.com:443 "GET /ecp/reportingwebservice/reporting.svc/MessageTrace?%5C$filter=StartDate%20eq%20datetime'2020-08-07T08:55:35.511356Z'%20and%20EndDate%20eq%20datetime'2020-08-07T09:55:35.511356Z' HTTP/1.1" 200 None
2020-08-12 08:55:37,116 DEBUG pid=24279 tid=MainThread file=base_modinput.py:log_debug:288 | Next URL is https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MessageTrace?$skiptoken=1999
2020-08-12 08:55:37,117 DEBUG pid=24279 tid=MainThread file=base_modinput.py:log_debug:288 | Endpoint URL: https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MessageTrace?$skiptoken=1999
2020-08-12 08:55:37,117 INFO pid=24279 tid=MainThread file=setup_util.py:log_info:117 | Proxy is not enabled!
2020-08-12 08:55:37,118 DEBUG pid=24279 tid=MainThread file=connectionpool.py:_new_conn:959 | Starting new HTTPS connection (1): reports.office365.com:443
2020-08-12 08:55:38,633 DEBUG pid=24279 tid=MainThread file=connectionpool.py:_make_request:437 | https://reports.office365.com:443 "GET /ecp/reportingwebservice/reporting.svc/MessageTrace?$skiptoken=1999 HTTP/1.1" 200 None
2020-08-12 08:55:38,745 DEBUG pid=24279 tid=MainThread file=base_modinput.py:log_debug:288 | Next URL is https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MessageTrace?$skiptoken=3999
2020-08-12 08:55:38,745 DEBUG pid=24279 tid=MainThread file=base_modinput.py:log_debug:288 | Endpoint URL: https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MessageTrace?$skiptoken=3999
2020-08-12 08:55:38,746 INFO pid=24279 tid=MainThread file=setup_util.py:log_info:117 | Proxy is not enabled!

Labels (1)
0 Karma

dagar_ruralking
Loves-to-Learn

I was having an issue with this as well, till I searched further back in the past.  I am running into a problem with the Time stamp not getting the Received time.  I am looking in the props.conf to see if I can fix it.

0 Karma
Get Updates on the Splunk Community!

Stay Connected: Your Guide to July and August Tech Talks, Office Hours, and Webinars!

Dive into our sizzling summer lineup for July and August Community Office Hours and Tech Talks. Scroll down to ...

Edge Processor Scaling, Energy & Manufacturing Use Cases, and More New Articles on ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Get More Out of Your Security Practice With a SIEM

Get More Out of Your Security Practice With a SIEMWednesday, July 31, 2024  |  11AM PT / 2PM ETREGISTER ...