All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk TA O365 error loop- How to ask splunk to not go behind and start to collect in time?

marcoRAD
New Member
‎12-16-2022 01:29 AM

Hello,

 

i'm experiencing an issue with the splunk TA for O365 and in particular with the Sharepoint Management Activity Logs.

The issue is this:

1) 10:00 AM i activate the input

2) 10:01 AM Splunk starts to collect 10:00 AM events

3) 10:05 AM Splunk continues to collect Sharepoint logs but going behind in time! (9:59 AM, 9:58 AM and so on)

4) 11:00 AM Splunk is still collecting logs in the past but the temporary token expires and the input is closed and reopened

5) 11:00 AM Splunk reopen the input

6) 11:01 AM Splunk starts to collect 11:00 AM events

7) JUMP to step 3 but 1 hour later

 

May you know how to not ask splunk to go behind and starts to collect in time?

 

Regards

 

Marco

Labels (1)
Labels
0 Karma
Reply

VatsalJagani
SplunkTrust
SplunkTrust
‎12-16-2022 07:04 AM

@marcoRAD - On Office 365 App Inputs used to have that option but no longer present in the latest App that I can see.

You can create a Splunk support case to get resolution from the developer of the Add-on.

 

Please consider upvoting/accepting the answer it this helps!!!

0 Karma
Reply
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...