All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

O365 is configured to send the messagetrace logs are intermittently logged.

gowthambr
New Member
‎11-01-2018 09:41 PM

O365 is configured to send the messagetrace logs to splunk heavyforwarder. alt textO365 is configured to send the messagetrace logs are intermittently logged. 0365 team said there is no blocker from their end. O365 is configured to send the messagetrace logs to splunk heavyforwarder. In this case somehow the logs never came to splunk in those gaps. We are trying to understand what happened. I have attached a screenshot which shows a instance where the logging is intermittent. We had reached out to Splunk support with a vendor case and they said that they wont be able to support this as its a community app/add on. The issue continues to occur to this day.

Preview file
87 KB
0 Karma
Reply

jconger
Splunk Employee
Splunk Employee
‎01-30-2019 10:55 AM

Do you see any errors in the _internal index related to this add-on?

index=_internal source="*ta_ms_o365_reporting_ms_o365_message_trace*"

Also, check your input parameters like window size and delay throttle. For more information on what those settings do, check out this post -> https://answers.splunk.com/answers/719725/input-settings-for-microsoft-office-365-reporting.html

0 Karma
Reply

patilsonali1729
Path Finder
‎01-14-2019 10:01 AM

any update on this?

0 Karma
Reply

marycordova
SplunkTrust
SplunkTrust
‎01-14-2019 05:12 PM

This Add-on has been pretty reliable for me so this seems pretty odd...

@marycordova
0 Karma
Reply
Get Updates on the Splunk Community!

Index This | What’s a riddle wrapped in an enigma?

September 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

BORE at .conf25

Boss Of Regular Expression (BORE) was an interactive session run again this year at .conf25 by the brilliant ...

OpenTelemetry for Legacy Apps? Yes, You Can!

This article is a follow-up to my previous article posted on the OpenTelemetry Blog, "Your Critical Legacy App ...