Steps for Configuring Splunk Add-on for Microsoft Office 365 for China Tenant

Tilakram
New Member

Hello Splunkers,

I’m working on integrating a Microsoft Office 365 tenant hosted in China (managed by 21Vianet) with Splunk Cloud. I am using the Splunk Add-on for Microsoft Office 365 but need help configuring it specifically for the China tenant.

I understand that the endpoints for China are different from the global Microsoft 365 environment. For instance:

Could someone provide step-by-step instructions or point me to the necessary configuration files (like inputs.conf) or documentation to correctly set this up for:

  • Subscription to O365 audit logs
  • Graph API integration
  • Event collection

Additionally, if there are any known challenges or limitations specific to the China tenant setup, I’d appreciate insights on those as well.

Thank you in advance for your guidance!

Tilakram

0 Karma

Meett
Splunk Employee

Hello @Tilakram, the add-on doesn’t support Azure China by default, so I am not sure whether it will work or not.

0 Karma

Tilakram
New Member

Hello @Meett ,

Thank you for the quick response! I appreciate your insight.

If the Splunk Add-on for Microsoft Office 365 doesn’t natively support Azure China, are there any recommended workarounds or custom configurations (e.g., modifying inputs.conf or using custom scripts) that could enable data collection for China tenants?

Alternatively, are there other Splunk-supported methods or integrations that you’d recommend for ingesting Microsoft Office 365 logs from Azure China tenants? For instance, could a custom API integration with the Graph API endpoint https://microsoftgraph.chinacloudapi.cn be a feasible approach?

Looking forward to your thoughts!

Regards,
Tilakram

0 Karma

Moni
New Member

Hello, I am having similar issues. @Tilakram @Meett 
Were you able to fix it, or do you know if 21V is supported within Splunk for log ingestion?

0 Karma

PickleRick
SplunkTrust

Not knowing the app itself I might say that if the Chinese tenants differ _only_ on the service URI, you might try to edit the app yourself and see if changing the URI(s) in the code helps.

The downside is that you'll have to do it again on each app upgrade and your version would be unsupported - in case something doesn't work you're on your own.

0 Karma
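
A repeatable way to list the files that would need the edit suggested in the reply above, so the same spots can be found again after each app upgrade. This is an added example, not code from the thread or from the add-on; the directory layout, the file types scanned, and the premise that the add-on hard-codes these global-cloud hostnames are assumptions to verify against the installed app.

```python
import re
import tempfile
from pathlib import Path

# Global-cloud hostnames (real Microsoft endpoints). Whether the add-on
# hard-codes them, and in which files, is an assumption to verify.
GLOBAL_HOSTS = ("login.microsoftonline.com", "graph.microsoft.com", "manage.office.com")
HOST_RE = re.compile("|".join(re.escape(h) for h in GLOBAL_HOSTS))
SCAN_SUFFIXES = {".py", ".conf", ".json"}  # assumed file types worth scanning


def find_hardcoded_endpoints(app_root):
    """Return sorted (relative_path, line_number, hostname) for every hit."""
    root = Path(app_root)
    hits = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix not in SCAN_SUFFIXES:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), start=1):
            for match in HOST_RE.finditer(line):
                hits.append((path.relative_to(root).as_posix(), lineno, match.group(0)))
    return sorted(hits)


def demo():
    """Run the scan over a constructed app tree (not the real add-on layout)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "default").mkdir()
        (root / "bin" / "client.py").write_text(
            'AUTH = "https://login.microsoftonline.com/%s/oauth2/token"\n'
            'GRAPH = "https://graph.microsoft.com/v1.0"\n', encoding="utf-8")
        (root / "default" / "settings.conf").write_text(
            "[endpoints]\nmanagement = https://manage.office.com/api/v1.0\n",
            encoding="utf-8")
        # Skipped: .txt is not in SCAN_SUFFIXES.
        (root / "README.txt").write_text("see graph.microsoft.com\n", encoding="utf-8")
        return find_hardcoded_endpoints(root)


if __name__ == "__main__":
    for rel, lineno, host in demo():
        print(f"{rel}:{lineno}: {host}")
```

Saving the output before and after an upgrade and diffing the two lists shows which local edits were overwritten.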