Splunk® Supported Add-ons

Splunk Add-on for Microsoft Cloud Services

Download manual as PDF

Download topic as PDF

Connect to your Microsoft Office 365 account with the Splunk Add-on for Microsoft Cloud Services

Set up integration between the Splunk Add-on for Microsoft Cloud Services and your Microsoft Office 365 account so that you can ingest your Microsoft cloud services data into the Splunk platform.

Note: You can only connect to your account using Splunk Web, configure Microsoft Office 365 account via configuration file is not supported.

Prerequisite: Before you complete these steps, follow the directions in Configure an Active Directory Application in Azure AD for the Splunk Add-on for Microsoft Cloud Services to prepare your Microsoft account for this integration.

Connect to your account using Splunk Web

1. Clear your cache, start a new browser session, or use a different browser than the one you use to sign in to the Azure AD admin console. This best practice helps to avoid issues with incorrectly cached credentials that interfere with the OAuth dance.

2. Access Splunk Web on the node of your Splunk platform installation that collects data for this add-on.

3. Launch the add-on, then click Configuration > O365 account.

4. Click Account > Add Account.

5. Enter a friendly Name for the account.

6. Chose the account type, public or GCC High if you are using the high-security government version.

7. Enter the Client ID that Azure AD automatically assigned to your integration application.

8. In the Key (Client Secret) field, enter the secret key that you created for your application in the Azure AD console.

9. Click Add.

10. The Splunk Add-on for Microsoft Cloud Services authenticates using the client ID and secret you provided. Microsoft prompts you to log in with your account credentials to complete the authentication.

Next step: Configure a certificate and private key to enable service-to-service calls for the Splunk Add-on for Microsoft Cloud Services.

 

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters