Thanks for the clarification! I am running this by the team now... ... View more

Mine was failing also until I added the parameter above and install went through fine. ... View more

Thanks! This works great unless the SAML role mapping has been deleted. ... View more

Create a Support Request to have Splunk Cloud Support update the app in your cluster. ... View more

Has anyone had any issues with this add-on since upgrading the Splunk upgrade to python3? I was troubleshooting this today with the guidance of this thread but every time I change the config, the actual http GET request to office365 does not change. I removed the add-on then tried to re-install but the verification fails now. I'm just wondering if anyone else is having similar issues. ... View more

Hi @ASierra, what the frequency of this alert? if it's e.g. every day, you could run a search like this: index=your_index "Windows Installer installed the product" earliest=-24h | rex "Product Name: (?<Product_Name>.+)\. Product Version: (?<Product_Version>.+)\. Product Language" | stats dc(Product_Version) AS dc_pv BY host Product_Name | where dc_pv>1 Ciao. Giuseppe ,  ... View more