Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

O365 Message trace logs into Splunk

anandhalagarasa
Path Finder
‎01-21-2018 11:46 PM

Hi Team,

We have a request to index the O365 Message trace logs from Splunk .

So as recommended in Splunk blog we have followed the 1st step to retrieve the same.

https://www.splunk.com/blog/2017/10/05/splunking-microsoft-cloud-data-part-3.html

-->We have installed the Microsoft Office365 Reporting Add-on
-->As mentioned in the blog we have updated the configuration and their respective inputs.

Post which when we tried to fetch the logs with sourcetype as ms:o365:reporting:messagetrace we can able to see some events which got generated on Jan 12th 2018 and post which we couldn't able to see any new events for the same.

We are not sure about the exact issue in it.

We have provided the inputs and configurations as recommended. And I can able to see the logs for just one day and that means logs are getting ingested but dont know why it got indexed only for one day and post which there are no logs.

So kindly help on my query.

Tags (1)
0 Karma
Reply

maciep
Champion
‎01-26-2018 06:54 PM

i have no answer for you, but i think we could use that add-on. If I end up trying to install it, I'll share my experience.

0 Karma
Reply

anandhalagarasa
Path Finder
‎01-22-2018 04:04 AM

Kindly share your comments

0 Karma
Reply

anandhalagarasa
Path Finder
‎01-23-2018 05:36 AM

can anyone help on my request

0 Karma
Reply

anandhalagarasa
Path Finder
‎01-24-2018 03:00 AM

can anyone respond

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...

Keep the Learning Going with the New Best of .conf Hub

Hello Splunkers, With .conf26 getting closer, there’s already a lot of excitement building around this year’s ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...