O365 is configured to send the messagetrace logs a...

gowthambr · ‎11-01-2018

O365 is configured to send the messagetrace logs to splunk heavyforwarder. O365 is configured to send the messagetrace logs are intermittently logged. 0365 team said there is no blocker from their end. O365 is configured to send the messagetrace logs to splunk heavyforwarder. In this case somehow the logs never came to splunk in those gaps. We are trying to understand what happened. I have attached a screenshot which shows a instance where the logging is intermittent. We had reached out to Splunk support with a vendor case and they said that they wont be able to support this as its a community app/add on. The issue continues to occur to this day.

jconger · ‎01-30-2019

Do you see any errors in the _internal index related to this add-on?

index=_internal source="*ta_ms_o365_reporting_ms_o365_message_trace*"

Also, check your input parameters like window size and delay throttle. For more information on what those settings do, check out this post -> https://answers.splunk.com/answers/719725/input-settings-for-microsoft-office-365-reporting.html

patilsonali1729 · ‎01-14-2019

any update on this?

marycordova · ‎01-14-2019

This Add-on has been pretty reliable for me so this seems pretty odd...

@marycordova

O365 is configured to send the messagetrace logs are intermittently logged.

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!