Connect to your Microsoft Office 365 account with the Splunk Add-on for Microsoft Cloud Services
Set up integration between the Splunk Add-on for Microsoft Cloud Services and your Microsoft Office 365 account so that you can ingest your Microsoft Cloud Services data into the Splunk platform.
You can connect to your account only using Splunk Web. Configuring your Microsoft Office 365 account with configuration files is not supported.
Before you complete these steps, follow the directions in Configure an Active Directory Application in Azure Active Directory for the Splunk Add-on for Microsoft Cloud Services to prepare your Microsoft account for this integration.
Connect to your account using Splunk Web
1. Clear your cache, start a new browser session, or use a different browser than the one you use to sign in to the Azure Active Directory admin console. This best practice helps to avoid issues with incorrectly cached credentials that interfere with OAuthentication.
2. Access Splunk Web on the node of your Splunk platform installation that collects data for this add-on.
3. Open the add-on, then select Configuration > O365 account.
4. Select Account > Add Account.
5. Enter a friendly Name for the account.
6. Choose the public account type, or choose GCC High if you are using the high-security government version.
7. Enter the Client ID that Azure Active Directory automatically assigned to your integration application.
8. In the Key (Client Secret) field, enter the secret key that you created for your application in the Azure Active Directory console.
9. Select Add.
10. The Splunk Add-on for Microsoft Cloud Services authenticates using the client ID and secret you provided. Microsoft prompts you to log in with your account credentials to complete the authentication.
Configure Office 365 Management APIs inputs for the Splunk Add-on for Microsoft Cloud Services
Enable a saved search
This documentation applies to the following versions of Splunk® Supported Add-ons: released