I know there is an Exchange app for Splunk, and it covers a few different use cases, such as performance, usage, health, etc. But is there an app which can actually onboard data from mailboxes, i.e., received/sent emails including metadata, attachments, body, headers, etc.?
TA-Exchange-Mailbox - AddOn-Exchange-Mailbox: (C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\MessageTracking). This is the data input and field extractions for an Exchange Mailbox Role. It is used in conjunction with Splunk for Exchange.
There is an add-on, “Microsoft Office 365 Reporting Add-on for Splunk”, available on Splunkbase that collects Message Trace data from Microsoft Office 365.