Connect to your Microsoft Office 365 account with the Splunk Add-on for Microsoft Cloud Services
Set up integration between the Splunk Add-on for Microsoft Cloud Services and your Microsoft Office 365 account so that you can ingest your Microsoft cloud services data into the Splunk platform.
Note: You can only connect to your account using Splunk Web, configure Microsoft Office 365 account via configuration file is not supported.
Prerequisite: Before you complete these steps, follow the directions in Configure an Active Directory Application in Azure AD for the Splunk Add-on for Microsoft Cloud Services to prepare your Microsoft account for this integration.
Connect to your account using Splunk Web
1. Clear your cache, start a new browser session, or use a different browser than the one you use to sign in to the Azure AD admin console. This best practice helps to avoid issues with incorrectly cached credentials that interfere with the OAuth dance.
2. Access Splunk Web on the node of your Splunk platform installation that collects data for this add-on.
3. Launch the add-on, then click Configuration > O365 account.
4. Click Account > Add Account.
5. Enter a friendly Name for the account.
6. Chose the account type, public or GCC High if you are using the high-security government version.
7. Enter the Client ID that Azure AD automatically assigned to your integration application.
8. In the Key (Client Secret) field, enter the secret key that you created for your application in the Azure AD console.
9. Click Add.
10. The Splunk Add-on for Microsoft Cloud Services authenticates using the client ID and secret you provided. Microsoft prompts you to log in with your account credentials to complete the authentication.
Troubleshoot the Splunk Add-on for Microsoft Cloud Services
Enable a saved search
This documentation applies to the following versions of Splunk® Supported Add-ons: released