Splunk Enterprise

How to configure REST API endpoints to fetch data from Office 365 Admin Centre?


Hi All,

I am trying to configure REST API endpoints to fetch data from office 365 Admin Center. I am trying to do that via Splunk Add-On for Microsoft Office 365. (Please let me know if I am doing it wrong because I don't see any Splunk document that say how to configure REST endpoints to fetch Admin Center data).

So far I have got the tenant created and this is able to access the APIs.

My question is where do I configure the endpoints or what input type and content type should I select on Splunk Add-On for Microsoft Office 365  as I don't see an option to add the endpoints anywhere in the TA? Also, is there any other way to configure this?

Thanks in advance for your help and suggestions!! Apologies for not being able to share any screenshots due to security concerns.

0 Karma
Get Updates on the Splunk Community!

Build Scalable Security While Moving to Cloud - Guide From Clayton Homes

 Clayton Homes faced the increased challenge of strengthening their security posture as they went through ...

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

We’re happy to announce the release of Mission Control 2.3 which includes several new and exciting features ...

Cloud Platform | Migrating your Splunk Cloud deployment to Python 3.7

Python 2.7, the last release of Python 2, reached End of Life back on January 1, 2020. As part of our larger ...