- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Microsoft Office 365 Reporting Add-on for Splunk: ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Microsoft Office 365 Reporting Add-on for Splunk: HTTP Request Error 400
I have the Office 365 Reporting Add-on for Splunk installed and configured. When the URL is sent by the app to get the data, I am getting an HTTP Request Error 400. The actual line in the log file is below:
HTTP Request error: 400 Client Error: Bad Request for url: https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MessageTrace?$format=json&orderb...'
Any idea what the issue could be? I did try the URL above outside the app using my credentials for O365 and I get the same 400 HTTP error. Any assistance would be great.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I was also having this issue trying to get Audit.General logs. It turns out there is a python script packaged with the app that sets a time-delta threshold. I fixed this by lowering the threshold from the default 7 days (packaged with the app) to match our environment (which happens to be six days).
The script is:
bin/splunk_ta_o365/modinputs/management_activity.py.
The line I had to change was:
last_updated_time = datetime.utcfromtimestamp(now) - timedelta(days=7)
Not the ideal solution, but it seems to work. I hope the next version of the app makes this a configurable parameter.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This error occurs if you specify a collection starting date > 7 days in the past. Some references:
https://msdn.microsoft.com/en-us/office-365/troubleshooting-the-office-365-management-activity-api
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There is a limit to how far back you can go. The max is 7 days in the past. This is a Microsoft API limit unfortunately. However, you can run a message trace in the Office 365 admin center father back than 7 days. You can export this data to CSV and import to Splunk if necessary.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, for me getting an error on 401 Client Error for Unauthorized URL.
2017-11-12 09:01:37,305 ERROR pid=21224 tid=MainThread file=base_modinput.py:log_error:307 | HTTP Request error: 401 Client Error: Unauthorized for url: https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MessageTrace?$format=json&orderb...'
I tried the above URL from the web, but I cannot login inside.
Any details will be helpful.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It appears that I only get this error if I fill in the optional Start Date/Time field. Is there a bug there, maybe? I need to go back and get data from June 2017 until today.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am wondering if there is a limit to how far back you can go to grab data as I verified the format of the URL is correct. Can anyone verify how far back you can grab trace data from O365?
Updated Team Landing Page in Splunk Observability
New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...
Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...
