Getting Data In

404 Client Error with Microsoft Office 365 Reporting Add-On for Splunk

becksyboy
Communicator

Hi,

we have a the Microsoft Office 365 Reporting Add-On for Splunk configured with an account which is a member of the Service Administrators group. From the logs we are seeing the following error. Is this due to insufficient permissions?

Also when i log in as that account I do not see the ability to run any trace reports from the Admin console under Security & compliance; so that could also be an indicator of the issue? Is there an additional permission that needs to be set?

ERROR pid=15855 tid=MainThread file=base_modinput.py:log_error:307 | HTTP Request error: 404 Client Error: Not Found for url: https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MessageTrace?$filter=StartDate%2...'

thanks

0 Karma
1 Solution

becksyboy
Communicator

This was resolved by creating a role group for the account and applying these permissions:

"ViewOnlyAuditLogs"
"ViewOnlyConfiguration"
"ViewOnlyRecipients"

I believe "MessageTracking" is optional.

View solution in original post

pauline5
New Member

The following forum resolved my issue. I have another query. I am getting an issue that whenever I am trying to sign in to a Microsoft cloud service such as Office 365, Microsoft Azure, or Microsoft Intune, I am receiving the following error message from ADFS that "There was a problem accessing the site. Try to browse to the site again.".I have contacted the helpdesk support and followed accordingly https://supportprop58.com/office-setup/how-to-login-microsoft-office/.Guide us if anything I have missed out.

,

0 Karma

becksyboy
Communicator

This was resolved by creating a role group for the account and applying these permissions:

"ViewOnlyAuditLogs"
"ViewOnlyConfiguration"
"ViewOnlyRecipients"

I believe "MessageTracking" is optional.

dkeck
Influencer
0 Karma

becksyboy
Communicator

Saw this, but no the credentials are correct and i can login with the same ones into the Admin console. I've asked the Tenant admin to re-check the account permissions.

0 Karma

kconway35
New Member

Is the role group creation for the group mentioned on the Splunk side or the Azure Application Side? I only support the Azure Application Side. I don't have insight on how the Splunk Side was configured. Are the Role Groups mentioned:

"ViewOnlyAuditLogs"
"ViewOnlyConfiguration"
"ViewOnlyRecipients"

Set up in the the Azure Tenant Somewhere?

Thanks,

Kevin C.

0 Karma

becksyboy
Communicator

Hi Kevin,

our Tenant Administrator set this up on the Azure side for us. These are management role types.

thanks.

0 Karma
Get Updates on the Splunk Community!

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...