All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Why am I getting an error instead of data with MSO365 Reporting add on for Splunk?

MikeBertelsen
Communicator
‎04-02-2018 12:36 PM

Reviewing the /opt/splunk/var/log/splunk/ta_ms_o365_reporting_ms_o365_message_trace.log,
I see the following: 

2018-04-02 10:32:15,061 ERROR pid=31792 tid=MainThread file=base_modinput.py:log_error:307 | HTTP Request error: 401 Client Error: Unauthorized for url: https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MessageTrace?$format=json&orderby=Received%20asc&$filter=StartDate%20eq%20datetime'2018-03-28T10:32:14.556660Z'%20and%20EndDate%20eq%20datetime'2018-04-02T15:29:14.556674Z'

Any help would be appreciated

0 Karma
Reply

kaviyab
New Member
‎09-25-2018 03:51 AM

Hi,

Can we use oauth (bearer) token to get these details?

Thanks,
Kaviya,

0 Karma
Reply

jconger
Splunk Employee
Splunk Employee
‎04-03-2018 07:47 AM

This add-on makes use of the Office 365 Reporting Web Service. It is pretty easy to test this web service outside of Splunk using cURL or Postman (my personal favorite as of this writing) because the web service uses Basic Auth - meaning you can enter your O365 username and password and send the request without having to obtain an OAuth access token.

Here is a screenshot of using Postman to test the web service:

alt text

Try copying/pasting the URL you get in the error message into cURL or Postman to get more information.

Preview file
1 KB
0 Karma
Reply

GarethPayne
New Member
‎04-03-2018 03:03 AM

I was also getting this error. Under the configuration section of the Reporting Add-on, I re-entered the username (SMTP address) and password and saved. Connection into Office365 was then good and the error ceased.

0 Karma
Reply

xvieni
Engager
‎04-03-2018 12:08 AM

We experienced the exact same symptoms when we deployed this app. After some investigation together with our windows/AD guys we found that the O365-account we are using for this was setup for “multifactor authentication”.
After configuring the correct exceptions for this account everything is working perfectly.

//Nico

0 Karma
Reply

kaviyab
New Member
‎09-26-2018 02:35 AM

Can u please share the steps to resolve this issue for “multi factor authentication” environment?

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...