I'm looking for informations or methods on integrating RMS (Rights Management service/Office365) into Splunk (Linux).
I'm not sure if we can use the APT (powershell) ....
I checked online - But not able to find any informations.
I haven't tested this, but this Microsoft articles states that RMS logs are written to blob storage in W3C extended format:
You should be able to use the blob input in the Splunk Add-on for Microsoft Cloud Services to read this data.
View solution in original post