Splunk® Supported Add-ons

Splunk Add-on for Microsoft Office 365

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Configure optional settings for the Splunk Add-on for Microsoft Office 365

Prerequisites: Before you configure the Settings, complete the previous steps in the configuration process:

Configure Proxy and Log Level settings

Using Splunk Web, configure Proxy and Log Level settings on the Splunk platform instance that you have designated as your configuration server for this add-on.

  1. On your Splunk platform instance, navigate to the Splunk Web home screen.
  2. In the left navigation banner, click on Splunk Add-on for Microsoft Office 365.
  3. Click on the Settings tab.
  4. If you need to use a proxy:
    1. Click the Proxy tab
    2. Fill in the form with your proxy details. If your proxy server does not require authentication, leave the username and password fields empty.
    3. Click Save.
  5. To change the logging levels:
    1. Click the Logging tab.
    2. Select the Log Level.
    3. Click Save.

Configure the request timeout parameter for management activity inputs

Configure the request_timeout parameter for management activity inputs.

request_timeout is the number of seconds to wait before timeout while getting a response from the subscription API.

  • The range for the parameter is from 10 to 600 seconds.
  • The default value of request_timeout parameter is 60 seconds.
  • The upper limit value of a request_timeout parameter is 600 seconds.
  • The lower limit value of a request_timeout parameter is 10 seconds.

There are two ways to add a request_timeout parameter with a configured input.

  1. Make the request_timeout parameter configurable to all configured inputs.
    1. Navigate to $SPLUNK_HOME/etc/apps/splunk_ta_o365/local, and create an inputs.conf file, if it does not already exist.
    2. Copy below stanza, and add it to the $SPLUNK_HOME/etc/apps/splunk_ta_o365/local/inputs.conf file. 
      [splunk_ta_o365_management_activity]
request_timeout = <integer>

      This setting would override the default value of request_timeout defined in default/inputs.conf and it would be applicable to all configurable management activity inputs.

    3. Save your changes.
  2. Make request_timeout parameter configurable by adding request_timeout to specific management activity input.
    1. Configure Inputs for the Splunk Add-on for Microsoft Office 365 using Splunk Web.
    2. Navigate to $SPLUNK_HOME/etc/apps/splunk_ta_o365/local, and create an inputs.conf file, if it does not already exist.
    3. Open $SPLUNK_HOME/etc/apps/splunk_ta_o365/local/inputs.conf and add request_timeout = <integer> parameter under each configured input. For example, [splunk_ta_o365_management_activity://<Input_Name>].
    4. Save your changes.

Configure the token refresh window parameter for management activity inputs

Configure the token_refresh_window parameter for management activity inputs.

token_refresh_window is the number of seconds before the token expires, and must be refreshed. For example, if the token is expiring at 01:00 PM and the user has entered the 600 as a value of parameter token_refresh_window then the token will be refreshed at 12:50 PM.

  • The range for the token_refresh_window parameter is from 400 seconds to 3600 seconds.
  • The default value of token_refresh_window is 600 seconds.
  • The upper limit of token_refresh_window is 3600 seconds.
  • The lower limit of token_refresh_window is 400 seconds.

There are two ways to add a token_refresh_window parameter with configured inputs.

  1. Make the token_refresh_window parameter configurable to all configured inputs.
    1. Navigate to $SPLUNK_HOME/etc/apps/splunk_ta_o365/local, and create an inputs.conf file, if it does not already exist.
    2. Copy the below stanza, and add it to the $SPLUNK_HOME/etc/apps/splunk_ta_o365/local/inputs.conf file. 
      [splunk_ta_o365_management_activity]
token_refresh_window = <integer>

      This setting would override the default value of token_refresh_window defined in default/inputs.conf and it would be applicable to all configurable management activity inputs.

    3. Save your changes.
  2. Make the token_refresh_window parameter configurable by adding token_refresh_window to specific management activity inputs.
    1. Configure Inputs for the Splunk Add-on for Microsoft Office 365 using Splunk Web.
    2. Navigate to $SPLUNK_HOME/etc/apps/splunk_ta_o365/local, and create an inputs.conf file, if it does not already exist.
    3. Open $SPLUNK_HOME/etc/apps/splunk_ta_o365/local/inputs.conf, and add the token_refresh_window = <integer> parameter to each specific management activity input. For example, the [splunk_ta_o365_management_activity://<Input_Name>] stanza.
    4. Save your changes.
Last modified on 23 December, 2022
PREVIOUS
Configure Office 365 Management APIs inputs for the Splunk Add-on for Microsoft Office 365 		  NEXT
Configure Message Trace Input for the Splunk Add-on for Microsoft Office 365

This documentation applies to the following versions of Splunk® Supported Add-ons: released

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters