Hi
I need some assistances here.
I need to onboard the O365 Management API and Azure Audit data from Azure.
I am using Splunk Add On for Microsoft Cloud Server.
I followed the guide from this URL https://www.splunk.com/blog/2017/07/27/splunking-microsoft-cloud-data-part-1.html.
I able to onboard O365 Management API data but not the Azure Audit Data.
The error that I got from the log file is
"AuthenticationError: , ConnectionError: HTTPSConnectionPool(host='login.microsoftonline.com', port=443): Max retries exceeded with url: /cd99fef8-1cd3-4a2a-9bdf-15531181d65e/oauth2/token (Caused by NewConnectionError(': Failed to establish a new connection: [Errno 111] Connection refused',))"
It seem like the authentication issue, but I have no clue what permission that I need to assign in Azure. Can anyone provide me some advices?
Thanks
... View more