Activity Feed
- Got Karma for Re: Map on "Microsoft 365: Usage & Adoption" dashboard. 07-01-2020 12:16 PM
- Got Karma for Re: After the Microsoft Office 365 App for Splunk was successfully installed, why are the dashboards not populating?. 06-05-2020 12:50 AM
- Got Karma for Re: How to extract the all the field using rex?. 06-05-2020 12:49 AM
- Got Karma for Re: Why am I unable to view data in our production environment in Microsoft Cloud App for Splunk?. 06-05-2020 12:49 AM
- Posted Re: Map on "Microsoft 365: Usage & Adoption" dashboard on All Apps and Add-ons. 04-28-2020 04:16 PM
- Posted Re: After the Microsoft Office 365 App for Splunk was successfully installed, why are the dashboards not populating? on All Apps and Add-ons. 12-30-2019 08:00 PM
- Posted Re: Problem on MS Exchenge logs in Office365 App on All Apps and Add-ons. 06-18-2019 06:36 PM
- Posted Re: After the Microsoft Office 365 App for Splunk was successfully installed, why are the dashboards not populating? on All Apps and Add-ons. 02-17-2019 03:00 PM
- Posted Re: How to extract the all the field using rex? on Splunk Search. 06-20-2018 03:05 AM
- Posted Re: Why am I unable to view data in our production environment in Microsoft Cloud App for Splunk? on All Apps and Add-ons. 05-24-2018 01:22 AM
- Posted Re: Domain incorrect on All Apps and Add-ons. 04-18-2018 10:38 PM
- Posted Re: Splunk Add-on for Microsoft Cloud Services: Issue with configuration - "The resource does not support assignments of users or groups to Azure roles" on All Apps and Add-ons. 11-09-2017 03:36 PM
Topics I've Started
No posts to display.
04-28-2020
04:16 PM
1 Karma
If you append /edit to the usage and adoption dashboard, you can access all of the panels and configurations to modify them as required.
Eg: server/en-GB/app/microsoft_cloud_app/m365_usage_adoption/edit
You can edit the default map coordinates as well as the default zoom level from there. I'm not quite sure why it would be showing in German. This is possibly a local server timezone setting / local server language setting? The map uses Google. com map tiles and shows in English for all the users I've tested it on
Worst case, you can remove the Google map tiles and revert back to the inbuilt Splunk tiles.
Hope this helps!
Ry,
... View more
12-30-2019
08:00 PM
Hey Chris, thanks for the feedback. I've updated the searches to include a default index macro.
Edit the m365_default_index macro to include your M365 index.
v3.0.1 is now up on Splunkbase.
Cheers,
Ryan
... View more
06-18-2019
06:36 PM
Hey Giuseppe,
The ms:o365:reporting:messagetrace data is actually driven by exchange message tracking logs, which are not currently exposed using the official Splunk add-on for O365.
That data can be ingested using the Microsoft Office 365 Reporting add-on for Splunk:
https://splunkbase.splunk.com/app/3720/
I've updated the splunkbase app info to reflect this.
Thanks!
... View more
02-17-2019
03:00 PM
1 Karma
the o365_sourcetypes macro is just an easy way of defining the sourcetypes from both the O365 add-on and the Microsoft Cloud Services add-on sourcetype. You can expand the macro inline by hitting Ctrl+Shift+E on your keyboard. (Command+Shift+E on mac).
Check that the Splunk role you're using is searching specific indexes by default. Best practise for building dashboard content is to exclude index definitions.
Worst case you could edit the macro and prefix the macro with index="YOUR O365 INDEX"
Hope that helps!
... View more
06-20-2018
03:05 AM
1 Karma
If it's just FATAL or SUCCESS, you could try:
(?<status>FATAL|SUCCESS)
... View more
05-24-2018
01:22 AM
1 Karma
If your data is coming into the index "mscloud" and your management inputs are coming in via the Splunk Add-on for Microsoft Cloud Services, Then you should see data using: index=mscloud sourcetype=ms:o365:management
The Microsoft Cloud App for Splunk doesn't specify an index in any of the panels, perhaps it might be a case of specifying the indexes searched by default as part of the role you're running the search with?
https://www.splunk.com/blog/2017/07/27/splunking-microsoft-cloud-data-part-1.html
... View more
04-18-2018
10:38 PM
Under "Manage Apps", you can access the Setup page again.
Otherwise you should be able to access it from this URL:
/en-GB/manager/microsoft_cloud_app/apps/local/microsoft_cloud_app/setup?action=edit
... View more
11-09-2017
03:36 PM
Thanks for the details! I'll update the blog post with this info.
... View more