Splunk® Supported Add-ons

Splunk Add-on for Microsoft Office 365

Download manual as PDF

Download topic as PDF

Install the Splunk Add-on for Microsoft Office 365

You can install the Splunk Add-on for Microsoft Office 365 with Splunk Web or from the command line. You can install the add-on onto any type of Splunk Enterprise or Splunk Cloud instance (indexer, search head, or forwarder).

  1. Download the Splunk Add-on for Microsoft Office 365 from Splunkbase.
  2. Determine where and how to install this add-on in your deployment.
  3. Perform any prerequisite steps before installing.
  4. Complete your installation.

If you need step-by-step instructions on how to install an add-on in your specific deployment environment, see the installation walkthrough section at the bottom of this page for links to installation instructions specific to a single-instance deployment, distributed deployment, Splunk Cloud, or Splunk Light.

Distributed installation of this add-on

Use the tables below to determine where and how to install this add-on in a distributed deployment of Splunk Enterprise or any deployment for which you are using forwarders to get your data in. Depending on your environment, your preferences, and the requirements of the add-on, you may need to install the add-on in multiple places.

Splunk instance type Supported Required Comments
Search Heads Yes Yes Install this add-on to all search heads where Microsoft Office 365 knowledge management is required. Select one node, either a search head or a heavy forwarder, to serve as the configuration server for this add-on, and disable visibility of the add-on in all other locations.
Indexers Yes Conditional Not required if you use heavy forwarders to collect Microsoft Office 365 data. Required if you configure data collection directly from your search head or use light forwarders.
Heavy Forwarders Yes No If installed on heavy forwarders, does not need to be installed on indexers. Select one node, either a search head or a heavy forwarder, to serve as the configuration server for this add-on, and disable visibility of the add-on in all other locations.
Universal Forwarders No No Universal forwarders are not supported for data collection, because the modular inputs require Python and the Splunk REST handler.
Light Forwarders Yes No You must also install this add-on on your indexers if you use a light forwarder rather than a heavy forwarder to collect Microsoft Office 365 data.

Distributed deployment compatibility

This table provides a quick reference for the compatibility of this add-on with Splunk distributed deployment features.

Distributed deployment feature Supported Comments
Search Head Clusters Yes Disable add-on visibility on search heads.
Indexer Clusters Yes
Deployment Server Yes Supported for deploying the unconfigured add-on only. Configure this add-on using the add-on's configuration UI from one node only.

Installation walkthrough

See Installing add-ons in Splunk Add-Ons for detailed instructions describing how to install a Splunk add-on in the following deployment scenarios:

PREVIOUS
Installation and configuration overview for the Splunk Add-on for Microsoft Office 365
  NEXT
Configure an integration application in Azure AD for the Splunk Add-on for Microsoft Office 365

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Comments

For **SPLUNK CLOUD** If you are configuring the Add-on in an on-prem instance (heavy forwarder), make sure you create zombie indexes that match your indexes in the Cloud so you can select them when configuring the inputs and they can be indexed correctly.

Jrojas splunk, Splunker
April 5, 2019

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters