All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk to pull data from office 365 one drive

lmatilla
Explorer
‎03-15-2017 08:36 PM

I have been figuring a way to pull data from Office 365 One Drive storage. The dump data that needs to be indexed are stored in one drive. I've installed the Microsoft Cloud Services add-on but need help in connecting. Am I in the right path? Thanks!

Reply

jconger
Splunk Employee
Splunk Employee
‎05-14-2018 01:55 PM

The Splunk Add-on for Microsoft Cloud Services will pull activity data for OneDrive - things like file operations, user activity, file information, etc. The add-on does not index data that resides in OneDrive though. Can you dump the data to an Azure Storage account blob or file share? The add-on can index data from a blob or table. You could mount a file share to index data as well.

0 Karma
Reply

fahmed11
Explorer
‎03-27-2019 01:47 PM

Can you point me to documentation which shows that this add-on pulls OneDrive and other O365 application activity logs? So far it looks like O365 management api data, which doesn't contain user activity information.

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎05-12-2018 04:51 AM

I don’t think the ms cloud services app pulls from OneDrive. Looks like you’ll have to script your own input:

https://docs.microsoft.com/en-us/onedrive/developer/

0 Karma
Reply

adonio
Ultra Champion
‎05-13-2017 02:53 PM

kindly read the documentation, very detailed step by step explanation. start here:
http://docs.splunk.com/Documentation/AddOns/released/MSCloudServices/About
installation:
http://docs.splunk.com/Documentation/AddOns/released/MSCloudServices/Installationsteps
configuration start here and keeps on going for several pages:
http://docs.splunk.com/Documentation/AddOns/released/MSCloudServices/ConfigureappinAzureAD
hope it helps

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...