The Office 365 data Splunk app enables data analysts and IT administrators to import the data they need to make their organization more productive, and makes Office 365 data available to third-party BI platforms.
microsoft-github-policy-service[bot] ef92d54416
Auto merge mandatory file pr
This pr is auto merged as it contains a mandatory file and is opened for more than 10 days.
2023-06-14 15:20:17 +00:00
doc Working on upgrading to SDK v2.0 & Merging Glenn's changes 2014-12-11 23:52:36 -08:00
o365ToSplunkDataImport Added new Browser and OS client reports + updated RWS client lib dll + fixed issue with app.config which was not compliant with Splunk 2014-12-16 20:23:31 -08:00
packages Initial source commit 2014-11-20 22:56:05 -08:00
.gitattributes Initial source commit 2014-11-20 22:56:05 -08:00
.gitignore Updating all packages, fixing validation code to use new method. Making sure spl is properly created, and all files are copied to %SPLUNK_HOME% folder 2014-12-09 01:36:20 -08:00
LICENSE Initial commit 2014-11-20 18:01:04 -08:00
README.md Implemented DebugAttachedPoints + upgraded to Splunk SDK 2.1.1 + Added new reports + Continuous fetching 2014-12-16 18:34:30 -08:00
SECURITY.md Microsoft mandatory file 2023-06-02 22:02:26 +00:00
o365tosplunkdataimportapp-vs.sln Implemented DebugAttachedPoints + upgraded to Splunk SDK 2.1.1 + Added new reports + Continuous fetching 2014-12-16 18:34:30 -08:00

README.md

Office 365 to Splunk data import app

The Office 365 data Splunk app enables data analysts and IT administrators to import the data they need to make their organization more productive, and makes Office 365 data available to Splunk.

Pre-requisites

Note: Tested with Splunk Enterprise 6.0, 6.1 and 6.2

Dependencies

Note: Office 365 reporting web service client library is also an open source project: https://github.com/Microsoft/o365rwsclient

Known limitations

  • Currently, the 'StreamEvents' method is called once when Splunk runs the executable, which means that it does not yet continuously pull data from the Office 365 reporting web service. Some extra logic should be implemented to handle this. We have fixed this in 1.1 beta!
  • We have not yet created all the report proxy classes, which means that you may not be able to fetch data from some of your tenant's subscriptions.
  • We save a ".progress" file in the bin folder of the application in order to track the timestamp at which the last fetch occurred. The current issue is that the progress is identified by the Splunk stream name. This means that if you created a stream named, say, "MailboxUsageDetail1", fetched data and then deleted that stream, the progress file is NOT currently deleted. If you then create a new stream with the same name, "MailboxUsageDetail1", the software will pick up the progress file left by the previous stream!
  • If you create a data stream with an "End Date", the software will keep running forever even if it does not fetch data anymore. To save resources on your Splunk server, you should consider disabling a stream that has finished fetching data.

Building and deploying at dev box

The project file has build events that push the project's files to a %SPLUNK_HOME% location, which you will need to create in your system environment variables.

PostBuildEvent

Feedback