All Apps and Add-ons

No Errors and no logs with Microsoft Office 365 Reporting Add-on for Splunk

Loves-to-Learn Lots

Hello,

i have installed the Reporting Add-on and fixed the Error 500. The Add-On is now connecting to Mircosoft and is always going to the next endpoint url.

if i manually open "https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MessageTrace?%5C$filter=StartDat..." -> i am getting logs. 

If i manually open the next Endpoint url -> i am getting logs.

Looks good from my perspective.

 

Still i am getting no data in my index. The index is working, we are getting data in via another addon (sourcetype="o365:management:activity")

 

can anyone assist me in finding the problem?

 

thank you in advance

 

br

Andreas

2020-08-12 08:55:35,493 INFO pid=24279 tid=MainThread file=splunk_rest_client.py:_request_handler:105 | Use HTTP connection pooling
2020-08-12 08:55:35,494 DEBUG pid=24279 tid=MainThread file=binding.py:get:677 | GET request to https://127.0.0.1:8089/servicesNS/nobody/TA-MS_O365_Reporting/storage/collections/config/TA_MS_O365_... (body: {})
2020-08-12 08:55:35,495 DEBUG pid=24279 tid=MainThread file=connectionpool.py:_new_conn:959 | Starting new HTTPS connection (1): 127.0.0.1:8089
2020-08-12 08:55:35,499 DEBUG pid=24279 tid=MainThread file=connectionpool.py:_make_request:437 | https://127.0.0.1:8089 "GET /servicesNS/nobody/TA-MS_O365_Reporting/storage/collections/config/TA_MS_O365_Reporting_checkpointer HTTP/1.1" 200 5516
2020-08-12 08:55:35,500 DEBUG pid=24279 tid=MainThread file=binding.py:new_f:73 | Operation took 0:00:00.006632
2020-08-12 08:55:35,501 DEBUG pid=24279 tid=MainThread file=binding.py:get:677 | GET request to https://127.0.0.1:8089/servicesNS/nobody/TA-MS_O365_Reporting/storage/collections/config/ (body: {'search': 'TA_MS_O365_Reporting_checkpointer', 'offset': 0, 'count': -1})
2020-08-12 08:55:35,504 DEBUG pid=24279 tid=MainThread file=connectionpool.py:_make_request:437 | https://127.0.0.1:8089 "GET /servicesNS/nobody/TA-MS_O365_Reporting/storage/collections/config/?search=TA_MS_O365_Reporting_checkpointer&offset=0&count=-1 HTTP/1.1" 200 7417
2020-08-12 08:55:35,504 DEBUG pid=24279 tid=MainThread file=binding.py:new_f:73 | Operation took 0:00:00.003792
2020-08-12 08:55:35,507 DEBUG pid=24279 tid=MainThread file=binding.py:get:677 | GET request to https://127.0.0.1:8089/servicesNS/nobody/TA-MS_O365_Reporting/storage/collections/data/TA_MS_O365_Re... (body: {})
2020-08-12 08:55:35,510 DEBUG pid=24279 tid=MainThread file=connectionpool.py:_make_request:437 | https://127.0.0.1:8089 "GET /servicesNS/nobody/TA-MS_O365_Reporting/storage/collections/data/TA_MS_O365_Reporting_checkpointer/at_o365_phs_obj_checkpoint HTTP/1.1" 404 140
2020-08-12 08:55:35,511 DEBUG pid=24279 tid=MainThread file=base_modinput.py:log_debug:288 | Start date: 2020-08-07 08:55:35.511356, End date: 2020-08-07 09:55:35.511356
2020-08-12 08:55:35,511 DEBUG pid=24279 tid=MainThread file=base_modinput.py:log_debug:288 | Endpoint URL: https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MessageTrace?\$filter=StartDate eq datetime'2020-08-07T08:55:35.511356Z' and EndDate eq datetime'2020-08-07T09:55:35.511356Z'
2020-08-12 08:55:35,511 INFO pid=24279 tid=MainThread file=setup_util.py:log_info:117 | Proxy is not enabled!
2020-08-12 08:55:35,513 DEBUG pid=24279 tid=MainThread file=connectionpool.py:_new_conn:959 | Starting new HTTPS connection (1): reports.office365.com:443
2020-08-12 08:55:37,001 DEBUG pid=24279 tid=MainThread file=connectionpool.py:_make_request:437 | https://reports.office365.com:443 "GET /ecp/reportingwebservice/reporting.svc/MessageTrace?%5C$filter=StartDate%20eq%20datetime'2020-08-07T08:55:35.511356Z'%20and%20EndDate%20eq%20datetime'2020-08-07T09:55:35.511356Z' HTTP/1.1" 200 None
2020-08-12 08:55:37,116 DEBUG pid=24279 tid=MainThread file=base_modinput.py:log_debug:288 | Next URL is https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MessageTrace?$skiptoken=1999
2020-08-12 08:55:37,117 DEBUG pid=24279 tid=MainThread file=base_modinput.py:log_debug:288 | Endpoint URL: https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MessageTrace?$skiptoken=1999
2020-08-12 08:55:37,117 INFO pid=24279 tid=MainThread file=setup_util.py:log_info:117 | Proxy is not enabled!
2020-08-12 08:55:37,118 DEBUG pid=24279 tid=MainThread file=connectionpool.py:_new_conn:959 | Starting new HTTPS connection (1): reports.office365.com:443
2020-08-12 08:55:38,633 DEBUG pid=24279 tid=MainThread file=connectionpool.py:_make_request:437 | https://reports.office365.com:443 "GET /ecp/reportingwebservice/reporting.svc/MessageTrace?$skiptoken=1999 HTTP/1.1" 200 None
2020-08-12 08:55:38,745 DEBUG pid=24279 tid=MainThread file=base_modinput.py:log_debug:288 | Next URL is https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MessageTrace?$skiptoken=3999
2020-08-12 08:55:38,745 DEBUG pid=24279 tid=MainThread file=base_modinput.py:log_debug:288 | Endpoint URL: https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MessageTrace?$skiptoken=3999
2020-08-12 08:55:38,746 INFO pid=24279 tid=MainThread file=setup_util.py:log_info:117 | Proxy is not enabled!

Labels (1)
0 Karma

Loves-to-Learn

I was having an issue with this as well, till I searched further back in the past.  I am running into a problem with the Time stamp not getting the Received time.  I am looking in the props.conf to see if I can fix it.

0 Karma