Getting Data In

404 Client Error with Microsoft Office 365 Reporting Add-On for Splunk

becksyboy
Communicator

Hi,

we have a the Microsoft Office 365 Reporting Add-On for Splunk configured with an account which is a member of the Service Administrators group. From the logs we are seeing the following error. Is this due to insufficient permissions?

Also when i log in as that account I do not see the ability to run any trace reports from the Admin console under Security & compliance; so that could also be an indicator of the issue? Is there an additional permission that needs to be set?

ERROR pid=15855 tid=MainThread file=base_modinput.py:log_error:307 | HTTP Request error: 404 Client Error: Not Found for url: https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MessageTrace?$filter=StartDate%2...'

thanks

0 Karma
1 Solution

becksyboy
Communicator

This was resolved by creating a role group for the account and applying these permissions:

"ViewOnlyAuditLogs"
"ViewOnlyConfiguration"
"ViewOnlyRecipients"

I believe "MessageTracking" is optional.

View solution in original post

pauline5
New Member

The following forum resolved my issue. I have another query. I am getting an issue that whenever I am trying to sign in to a Microsoft cloud service such as Office 365, Microsoft Azure, or Microsoft Intune, I am receiving the following error message from ADFS that "There was a problem accessing the site. Try to browse to the site again.".I have contacted the helpdesk support and followed accordingly https://supportprop58.com/office-setup/how-to-login-microsoft-office/.Guide us if anything I have missed out.

,

0 Karma

becksyboy
Communicator

This was resolved by creating a role group for the account and applying these permissions:

"ViewOnlyAuditLogs"
"ViewOnlyConfiguration"
"ViewOnlyRecipients"

I believe "MessageTracking" is optional.

dkeck
Influencer
0 Karma

becksyboy
Communicator

Saw this, but no the credentials are correct and i can login with the same ones into the Admin console. I've asked the Tenant admin to re-check the account permissions.

0 Karma

kconway35
New Member

Is the role group creation for the group mentioned on the Splunk side or the Azure Application Side? I only support the Azure Application Side. I don't have insight on how the Splunk Side was configured. Are the Role Groups mentioned:

"ViewOnlyAuditLogs"
"ViewOnlyConfiguration"
"ViewOnlyRecipients"

Set up in the the Azure Tenant Somewhere?

Thanks,

Kevin C.

0 Karma

becksyboy
Communicator

Hi Kevin,

our Tenant Administrator set this up on the Azure side for us. These are management role types.

thanks.

0 Karma
Get Updates on the Splunk Community!

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

As of Splunk Cloud Platform 9.3.2408 and Splunk Enterprise 9.4, classic dashboard export features are now ...