Splunk Enterprise Security

Microsoft Office 365 Reporting Mail

moshahin
Engager

Hi,

I've been trying to get email trace for office365 exchange using the addon in subject. 

No data is coming under this sourcetype

 

sourcetype: ms:o365:reporting:messagetrace

 

 checked ta_ms_o365_reporting_ms_o365_message_trace.log 

no errors are seen. No attempts of using the API is seen

I have the below configuration set for the input

moshahin_0-1598879381017.png

Not sure about the "delay throttle" part. if there are default values i don't mind using them

What am I missing here? 

Labels (1)
Tags (1)
Get Updates on the Splunk Community!

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...

Splunkbase | Splunk Dashboard Examples App for SimpleXML End of Life

The Splunk Dashboard Examples App for SimpleXML will reach end of support on Dec 19, 2024, after which no new ...

Understanding Generative AI Techniques and Their Application in Cybersecurity

Watch On-Demand Artificial intelligence is the talk of the town nowadays, with industries of all kinds ...