Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk add-on for O365

mbagali_splunk
Splunk Employee
Splunk Employee
‎12-28-2018 03:27 AM

Splunk add-on for O365 stops ingesting data and a restart of splunk service makes it working again.

I see below errors in add-on audit logs:

O365PortalError: 401:{"error":{"code":"AF10001","message":"The permission set () sent in the request does not include the expected permission."}}

ERROR ApplicationUpdater - Error checking for update, URL=https://apps.splunk.com/api/apps:resolve/checkforupgrade: Winsock error 10054

ConnectionError: ('Connection aborted.', error(10054, 'An existing connection was forcibly closed by the remote host'))

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mbagali_splunk
Splunk Employee
Splunk Employee
‎12-28-2018 03:30 AM

For Winsock error , Increase maxThreads and maxSockets

In the [httpServer] stanza, set
[httpServer]
maxThreads=100000
maxSockets=50000

For error : O365PortalError: 401:{"error":{"code":"AF10001","message":"The permission set () sent in the request does not include the expected permission."}}

We get this error if Standard O365 subscription doesn't contain DLP feature.

View solution in original post

Reply
Solved! Jump to solution
Solution

mbagali_splunk
Splunk Employee
Splunk Employee
‎12-28-2018 03:30 AM

For Winsock error , Increase maxThreads and maxSockets

In the [httpServer] stanza, set
[httpServer]
maxThreads=100000
maxSockets=50000

For error : O365PortalError: 401:{"error":{"code":"AF10001","message":"The permission set () sent in the request does not include the expected permission."}}

We get this error if Standard O365 subscription doesn't contain DLP feature.

Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...