Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to index Outlook365 inbox?

hexxamillion
Explorer
‎12-04-2018 01:15 PM

I have not seen any information or suggestions on how to index inbox messages from Outlook365. I understand it is just REST API but the microsoft API is not very friendly and requires refresh token which I seen from their communities is not so friendly to develop for either. Is there a Splunk app that works with Outlook365 that allows you to sign in using an account and grabs messages from the folder you need and index it?

If not, sounds like a great suggestion for Splunk to offer in Splunkbase. I am aware of the other Microsoft365 apps in Splunkbase but those look more for administration or management of the environment.

Tags (2)
0 Karma
Reply

dkeck
Influencer
‎12-04-2018 11:03 PM

Hi,

did you check this app, sounds like it can get you your inbox data?

https://splunkbase.splunk.com/app/3720/

0 Karma
Reply

hexxamillion
Explorer
‎12-05-2018 08:48 AM

I did review that and again that one looks to be for more administration and not specific to outlook messages. Anywho, I finally figured out the Outlook365 REST API, got my access token. I was able to test getting inbox messages. So my plan now is to just use one of the Splunk apps that help to index or lookup REST API data. Ideally it would be nice to have an app specific to Outlook365.

Reply

martin_mueller
SplunkTrust
SplunkTrust
‎12-06-2018 06:43 AM

Yeah, the management data will tell you sender, recipient, subject etc - but not the entire content so it won't replace actually looking at the inbox. For making your own REST calls use the REST modular input add-on.

0 Karma
Reply

hexxamillion
Explorer
‎12-06-2018 08:56 AM

Yeah. That's the app that I am trying to test with now. So far not having much success with that but still working on it.

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎12-06-2018 09:00 AM

Feel free to post new questions specific to issues you have with the app separately.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers,  We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...