I have been figuring out a way to pull data from Office 365 OneDrive storage. The dump data that needs to be indexed is stored in OneDrive. I've installed the Microsoft Cloud Services add-on but need help connecting. Am I on the right path? Thanks!
The Splunk Add-on for Microsoft Cloud Services will pull activity data for OneDrive - things like file operations, user activity, file information, etc. The add-on does not index data that resides in OneDrive though. Can you dump the data to an Azure Storage account blob or file share? The add-on can index data from a blob or table. You could mount a file share to index data as well.
Can you point me to documentation which shows that this add-on pulls OneDrive and other O365 application activity logs? So far it looks like O365 Management API data, which doesn't contain user activity information.
I don’t think the ms cloud services app pulls from OneDrive. Looks like you’ll have to script your own input:
Kindly read the documentation; it has a very detailed step-by-step explanation. Start here:
http://docs.splunk.com/Documentation/AddOns/released/MSCloudServices/About
Installation:
http://docs.splunk.com/Documentation/AddOns/released/MSCloudServices/Installationsteps
Configuration starts here and keeps on going for several pages:
http://docs.splunk.com/Documentation/AddOns/released/MSCloudServices/ConfigureappinAzureAD
Hope it helps.