All Apps and Add-ons
Highlighted

Receiving 401 error when attempting to connect to Reporting URL

Builder

Hey All,

Just recently installed the Microsoft Office 365 Reporting Add-on for Splunk on one of our Heavy Forwarders.
I was able to successfully setup the input but am receiving an error when attempting to connect to the reporting URL

HTTP Request error: 401 Client Error: Unauthorized for url

I can login to the Exchange Admin center using the exact same user and run a message trace report with no issues but cant figure out why the Splunk Add-on is having issues.

Any help would be greatly appreciated!

Thanks!

0 Karma
Highlighted

Re: Receiving 401 error when attempting to connect to Reporting URL

Contributor

HI Ada,
Initial check, try to fetch the Trace Report from the Office 365 Admin Center?
Some docs on this:
https://technet.microsoft.com/en-us/library/jj200712(v=exchg.150).aspx

credentials generally should work when used with add-on.
Try configuring it from Postman just to test.

0 Karma
Highlighted

Re: Receiving 401 error when attempting to connect to Reporting URL

Builder

We are able to fetch the trace report from the admin center with the same credentials as I stated above.

0 Karma
Highlighted

Re: Receiving 401 error when attempting to connect to Reporting URL

Builder

To add I tried with Postman and I am still getting a 401 error.

0 Karma
Highlighted

Re: Receiving 401 error when attempting to connect to Reporting URL

Builder

Does anyone know if there is a way to use something besides Basic Auth with this add-on?
Our conditional access policy does not allow Basic Auth

0 Karma
Highlighted

Re: Receiving 401 error when attempting to connect to Reporting URL

Builder

There are no contact email addresses for this app and no official splunk support.
Anyone out there have any recommendations?

0 Karma
Highlighted

Re: Receiving 401 error when attempting to connect to Reporting URL

Path Finder

Did you have any luck solving this? I am having the same issue.

0 Karma
Highlighted

Re: Receiving 401 error when attempting to connect to Reporting URL

Builder

Nope never been able to solve it. As of right now we are without message tracking logs in Exchange Online. Its not related to MFA for us as the acct I use to connect is a service account with MFA not enabled.

I tried emailing one of the developers of the add-on but no response and the forum is quiet.

0 Karma
Highlighted

Re: Receiving 401 error when attempting to connect to Reporting URL

Path Finder

That's too bad. We are a modern auth only shop as well so it would make sense to me that it could be causing issues. I tried modifying this addon's python script from the HTTPBasicAuth request to use the HTTPDigestAuth but unfortunately something so simple was not the answer. Our team even made an exception to my account to allow for legacy auth and that doesn't seem to solve the issue either. I'll keep checking this thread to see if any other users are experiencing this to see if we can at least pin down the source of the cause.

0 Karma
Highlighted

Re: Receiving 401 error when attempting to connect to Reporting URL

Builder

Nope still no luck. We are currently exploring other options, have our Azure admin looking into it. We might end up using Event Hub to get these events but not 100% sure on the specifics. Thanks for the update on trying the .py script.

Will update when I find a solution

0 Karma