This app only supports data collected using the Splunk Add-on for Microsoft Office 365.
If you are still using a legacy version of the Microsoft Cloud Services Add-on to ingest M365 data, it's recommended you use the dedicated O365 Add-on to ensure accuracy of results: https://splunkbase.splunk.com/app/4055/
Requirements:
This version leverages additional visualisations that do not ship with Splunk Enterprise. For the best experience, please also install the following visualisations:
Sankey Diagram: https://splunkbase.splunk.com/app/3112/
Timeline: https://splunkbase.splunk.com/app/3120
Semicircle Donut: https://splunkbase.splunk.com/app/4378
Note: These are not explicitly required; however, certain panels will need to be modified to use the standard visualisations.
To provide feedback or enhancement requests please contact me: ry@splunk.com and/or submit a question on Splunk Answers: http://answers.splunk.com/answers/app/3786
Use of this app is permitted subject to your obligations, including data privacy obligations, under your agreement with Splunk and Splunk's Privacy Policy. https://www.splunk.com/en_us/legal/privacy/privacy-policy.html
Updated support for SSAI for Splunk Cloud SHC.
Added support for SSAI for Splunk Cloud SHC.
New dashboards!
Exchange Message Trace:
- Overview
- Audit
- Health
Microsoft Teams call records:
- Call Overview
- Call QoS
- Call Search
- Call Detail
* Teams call record data collected using the Microsoft Teams Add-on for Splunk: https://splunkbase.splunk.com/app/4994/
Bug Fixes:
- Fixed time pickers that were set with static dates (Teams Overview, etc.).
- Updated searches that referenced the "user" field to use "UserId" instead.
v3.1.1
New Dashboards:
M365 Usage & Adoption
Microsoft Teams Overview
Microsoft Teams Security Monitoring
Microsoft Teams Activity Audit
Bug Fixes:
- Fixed time pickers that were set with static dates
- Included default entry "index=*" in `m365_default_index`
- Updated `SharePoint_ObjectSite` macro with better condition match
v3.0.1 removes dashboard support for M365 management data ingested using the Microsoft Cloud Services Add-on.
If your sourcetype is "ms:o365:management", you must migrate your inputs to the official Splunk Add-on for Microsoft Office 365: https://splunkbase.splunk.com/app/4055/
Updates:
- New Security & Compliance Center dashboard
- Full step-by-step onboarding guide for configuring an Azure App Registration and the O365 Add-on
- User Audit search
- Dark mode default for all dashboards
- Updated searches to include default index macro. Edit the `m365_default_index` macro to include your M365 index.
Requirements:
This version uses additional visualisations that do not ship with Splunk Enterprise. For the best experience, install the following visualisations:
Sankey Diagram: https://splunkbase.splunk.com/app/3112/
Timeline: https://splunkbase.splunk.com/app/3120
Semicircle Donut: https://splunkbase.splunk.com/app/4378
Note: These are not explicitly required; however, certain panels will need updating.