I'm playing around with the Splunk App for Microsoft Exchange app and it appears to only work on an internal network from what I've read. I've scoured this site and the web to see if there is a way to either put a forwarder within Office 365 or do a remote event log connection. No luck finding a solution so far. Any feedback would be greatly appreciated. Thanks!
Update: The Office 365 Exchange administration GUI is locked down to the extent that you can't get to a command line to install a forwarder. I opened a ticket with MS, so we'll see. The remote event log option may be the only one, but I get the following error when I click on "find logs". Still working it.
Failed to fetch data: In handler 'win-wmi-enum-eventlogs': Unable to get wmi classes from host 'mydomain.onmicrosoft.com'. This host may not be reachable or WMI may be misconfigured.