Splunk® Supported Add-ons

Splunk Add-on for Microsoft Office 365

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Release notes for the Splunk Add-on for Microsoft Office 365

Version 4.3.0 of the Splunk Add-on for Microsoft Office 365 was released on April 20th, 2023.

Version 4.3.0 and higher is expected to have around 1% of event duplication for the Management Activity input in the Splunk platform due to duplicate events from the Microsoft API.

About this release

Version 4.3.0 of the Splunk Add-on for Microsoft Office 365 is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 8.2.x, 9.0.x
CIM 5.0.0
Supported OS Platform independent
Vendor products Microsoft Office 365

New features

Version 4.3.0 of the Splunk Add-on for Microsoft Office 365 has the following new features.

  • Improved data collection approach and checkpointing mechanism for management activity inputs for faster ingestion rates with lower memory usage.
  • Added support for configurable Start date/time for management activity inputs.
  • Optimized data collection and checkpointing mechanisms for Audit Logs and Service Health & Communications inputs with lower memory usage.
  • Fixed the data duplication issue for Mailbox, Office 365, OneDrive, SharePoint, Teams and Yammer.
  • Migrated to KVstore checkpoint for Audit Logs and Service Health & Communications, Mailbox, Office 365, OneDrive, SharePoint, Teams and Yammer from the current file-based checkpoint mechanism.

Fixed Issues

Version 4.3.0 of the Splunk Add-on for Microsoft Office 365 contains the following, if any, fixed issues.


Date resolved Issue number Description
2023-02-21 ADDON-59901 Management activity input data collection not working when listenOnIPV6=yes in web.conf and server.conf

Known issues

Version 4.3.0 of the Splunk Add-on for Microsoft Office 365 contains the following, if any, known issues.


Date filed Issue number Description
2022-05-09 ADDON-51460 O365 TA - Cloud App Security -> Cloud Discovery Input is not working

Third-party software attributions

Version 4.3.0 of the Splunk Add-on for Microsoft Office 365 incorporates the following third-party software or libraries.

Third-party software attributions for the Splunk Add-on for Microsoft Office 365

Last modified on 12 June, 2023
PREVIOUS
Source types for the Splunk Add-on for Microsoft Office 365 		  NEXT
Release history for the Splunk Add-on for Microsoft Office 365

This documentation applies to the following versions of Splunk® Supported Add-ons: released

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters