

Splunk Lantern

Microsoft: Office 365


Microsoft Office 365 (now called Microsoft 365) is a SaaS offering that combines the traditional Microsoft Office desktop applications, Microsoft application services, and productivity services from within Microsoft’s Azure cloud platform. Office 365 contains the same core desktop applications as the traditional versions of Microsoft Office, such as Word, Excel, PowerPoint and Outlook, as well as a suite of other apps and online services for cloud file storage, secure communication, and collaboration. These include Planner, OneDrive, Exchange, SharePoint, Yammer, and Microsoft Teams.

Microsoft Office 365 produces service status, service messages, and management activity logs that are all useful for system administrators. In the Common Information Model, Microsoft O365 data can be mapped to any of the following data models: Authentication, Change, and Data Access.


Guidance for onboarding data can be found in the Splunk Documentation:

Refer to the documentation, and note the following:

  • Source types:
    • o365:cas:api
    • o365:graph:api
    • o365:management:activity
    • o365:service:healthIssue
    • o365:service:update:Message
    • o365:ta:o365:log
  • Add-on or app: Splunk Add-on for Microsoft Office 365


When your Splunk deployment is ingesting Microsoft O365 data, you can use it to accomplish the following use cases: