
Splunk Add-on for Microsoft Office 365

Version: 4.5.2
Vendor Products: Microsoft Office 365
Splunk platform versions: 9.1.x, 9.2.x, 9.3.x
Platforms: Platform independent

Note

Versions 4.3.0 and higher are expected to have around 1% of event duplication for the Management Activity input in the Splunk platform, because the Microsoft API returns duplicate events.

The Splunk Add-on for Microsoft Office 365 replaces the modular input for the Office 365 Management API within the Splunk Add-on for Microsoft Cloud Services.

The Splunk Add-on for Microsoft Office 365 allows a Splunk software administrator to pull service status, service messages, and management activity logs from the Office 365 Management Activity API and the Office 365 Service Communications API. You can collect:

  • Audit logs for Azure Active Directory, SharePoint Online, and Exchange Online, supported by the Office 365 Management API. For more details, see the Office 365 Management Activity API reference on the Microsoft website.
  • Historical and current service status, and service messages for the corresponding Office 365 Service Communications API.
  • Data Loss Prevention events via the Office 365 Management Activity API.
  • Message Trace events via the Office 365 Message Trace Report API.

After the Splunk platform indexes the events, you can then directly analyze the data or use it as a contextual data feed to correlate with other data in the Splunk platform.

Search the Splunk Community page for more information about this add-on.