
O365 is configured to send the messagetrace logs, but they are intermittently logged.

gowthambr
New Member

O365 is configured to send the messagetrace logs to a Splunk heavy forwarder, but the logs are intermittently logged. The O365 team said there is no blocker from their end. In this case somehow the logs never came to Splunk in those gaps. We are trying to understand what happened. I have attached a screenshot which shows an instance where the logging is intermittent. We had reached out to Splunk support with a vendor case and they said that they won't be able to support this as it's a community app/add-on. The issue continues to occur to this day.

0 Karma

jconger
Splunk Employee

Do you see any errors in the _internal index related to this add-on?

index=_internal source="*ta_ms_o365_reporting_ms_o365_message_trace*"

Also, check your input parameters like window size and delay throttle. For more information on what those settings do, check out this post -> https://answers.splunk.com/answers/719725/input-settings-for-microsoft-office-365-reporting.html

0 Karma

patilsonali1729
Path Finder

Any update on this?

0 Karma

marycordova
SplunkTrust

This Add-on has been pretty reliable for me so this seems pretty odd...

@marycordova
0 Karma