Splunk SOAR (f.k.a. Phantom)

Issues with Microsoft Exchange On-Premise EWS polling



We are using Microsoft Exchange On-Premise EWS app version 2.0.29 (Upgraded from 2.0.17) and we are experiencing some issues with Polling.

First of all the "oldest first" parameter seems to work as "latest first" and the "latest first" works as "oldest first".

Secondly the Scheduled/interval polling is working this way (more or less in every single test I have made):

- First iteration: brings the Max emails per scheduled polling.

-Second iteration: brings the first iteration number of emails.

-Third iteration: brings the max emails per scheduled polling.

-After that it does not bring any more emails despite the fact that there are more pending emails to bring.


As well it seems that there is a cache when I try the same emails and there are some emails missing when I execute the Scheduled polling over the same set of emails.


Can you help please?


Thank you!


Labels (1)
0 Karma

Path Finder


Have you tried the previous version 1.0.105? We raised a support case for the latest version for similar issues and they are looking into a fix as the state file isn't filled out correctly.

Oldest first for us didn't work at all, so we had to use latest which puts everything out of order.

0 Karma



For app related issues, you can try reporting it Phantom Support / or to the developer of the App.

In the meantime, just revert to the working app version while the issue is being identified / fixed in the newer version.


0 Karma
Get Updates on the Splunk Community!

What’s new on Splunk Lantern in August

This month’s Splunk Lantern update gives you the low-down on all of the articles we’ve published over the past ...

Welcome to the Future of Data Search & Exploration

You have more data coming at you than ever before. Over the next five years, the total amount of digital data ...

This Week's Community Digest - Splunk Community Happenings [8.3.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...