
Configure optional settings for the Splunk Add-on for Microsoft Office 365
The Splunk Add-on for Microsoft Office 365 only supports HTTP proxy.
Prerequisites: Before you configure the Settings, complete the previous steps in the configuration process:
- Configure an integration application in Azure AD for the Splunk Add-on for Microsoft Office 365
- Configure a Tenant in the Splunk Add-on for Microsoft Office 365
- Configure Inputs for the Splunk Add-on for Microsoft Office 365
Configure Proxy and Log Level settings
Using Splunk Web, configure Proxy and Log Level settings on the Splunk platform instance that you have designated as your configuration server for this add-on.
- On your Splunk platform instance, navigate to the Splunk Web home screen.
- In the left navigation banner, click on Splunk Add-on for Microsoft Office 365.
- Click on the Settings tab.
- If you need to use a proxy:
- Click the Proxy tab
- Fill in the form with your proxy details. If your proxy server does not require authentication, leave the username and password fields empty.
- Click Save.
- To change the logging levels:
- Click the Logging tab.
- Select the Log Level.
- Click Save.
Configure the request timeout parameter for management activity inputs
Configure the request_timeout
parameter for management activity inputs.
request_timeout
is the number of seconds to wait before timeout while getting a response from the subscription API.
- The range for the parameter is from 10 to 600 seconds.
- The default value of
request_timeout
parameter is 60 seconds. - The upper limit value of a
request_timeout
parameter is 600 seconds. - The lower limit value of a
request_timeout
parameter is 10 seconds.
There are two ways to add a request_timeout
parameter with a configured input.
- Make the
request_timeout
parameter configurable to all configured inputs.- Navigate to
$SPLUNK_HOME/etc/apps/splunk_ta_o365/local
, and create aninputs.conf
file, if it does not already exist. - Copy below stanza, and add it to the
$SPLUNK_HOME/etc/apps/splunk_ta_o365/local/inputs.conf
file.[splunk_ta_o365_management_activity] request_timeout = <integer>
This setting would override the default value of request_timeout defined in default/inputs.conf and it would be applicable to all configurable management activity inputs.
- Save your changes.
- Navigate to
- Make
request_timeout
parameter configurable by addingrequest_timeout
to specific management activity input. - Configure Inputs for the Splunk Add-on for Microsoft Office 365 using Splunk Web.
- Navigate to
$SPLUNK_HOME/etc/apps/splunk_ta_o365/local
, and create aninputs.conf
file, if it does not already exist. - Open
$SPLUNK_HOME/etc/apps/splunk_ta_o365/local/inputs.conf
and addrequest_timeout = <integer>
parameter under each configured input. For example,[splunk_ta_o365_management_activity://<Input_Name>]
. - Save your changes.
Configure the token refresh window parameter for management activity inputs
Configure the token_refresh_window
parameter for management activity inputs.
token_refresh_window
is the number of seconds before the token expires, and must be refreshed. For example, if the token is expiring at 01:00 PM and the user has entered the 600 as a value of parameter token_refresh_window
then the token will be refreshed at 12:50 PM.
- The range for the
token_refresh_window
parameter is from 400 seconds to 3600 seconds. - The default value of
token_refresh_window
is 600 seconds. - The upper limit of
token_refresh_window
is 3600 seconds. - The lower limit of
token_refresh_window
is 400 seconds.
There are two ways to add a token_refresh_window
parameter with configured inputs.
- Make the
token_refresh_window
parameter configurable to all configured inputs. - Navigate to
$SPLUNK_HOME/etc/apps/splunk_ta_o365/local
, and create aninputs.conf
file, if it does not already exist. - Copy the below stanza, and add it to the
$SPLUNK_HOME/etc/apps/splunk_ta_o365/local/inputs.conf
file.[splunk_ta_o365_management_activity] token_refresh_window = <integer>
This setting would override the default value of token_refresh_window defined in default/inputs.conf and it would be applicable to all configurable management activity inputs.
- Save your changes.
- Make the
token_refresh_window
parameter configurable by addingtoken_refresh_window
to specific management activity inputs.- Configure Inputs for the Splunk Add-on for Microsoft Office 365 using Splunk Web.
- Navigate to
$SPLUNK_HOME/etc/apps/splunk_ta_o365/local
, and create aninputs.conf
file, if it does not already exist. - Open
$SPLUNK_HOME/etc/apps/splunk_ta_o365/local/inputs.conf
, and add thetoken_refresh_window = <integer>
parameter to each specific management activity input. For example, the[splunk_ta_o365_management_activity://<Input_Name>]
stanza. - Save your changes.
PREVIOUS Configure Office 365 Management APIs inputs for the Splunk Add-on for Microsoft Office 365 |
NEXT Configure Message Trace Input for the Splunk Add-on for Microsoft Office 365 |
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Feedback submitted, thanks!