We installed the Splunk Add-on for Microsoft Cloud Services and connected it with our Office 365 instance. We are successfully getting logs but our certificate status is is still "Auto-generated but not yet verified".
Per the instructions in the documentation troubleshooting section we have rinsed and repeated 3 times, and finally just decided we would wait to see if the process took some time. It has now been 24 hours and our certificate is not verified.
Does anyone know exactly how the certificate process works, including but not necessarily limited to protocol and direction? The documentation leaves something to be desired with regards to firewall exceptions.
What version of Splunk are you using? If you haven't done so already try updating to 6.4 as this process seems to work more smoothly in the latest version. You may initially see a message in the troubleshooting dashboard that the certificate is invalid, but restarting Splunk should take care of that.
We're running version 6.4.1. It has been 3 days now since we set this up and we are still seeing "Auto-generated but not verified yet".
I restarted Splunk on the server just now, still not verified but I'll keep checking it and report if it does successfully verify.
This may be related or not, we haven't had any new events come in since we set this up on Tuesday. The troubleshooting page states that we have 1 account and 1 input, neither of which are invalid.
Have you already followed the instructions for configuring certificates in the add-on?
Yep. We tried twice with auto-generated certificates, once with our own certificate, and then a third time with the auto-generated certificate. The certificate was not verified any of the times.