We just integrated Office 365 and we followed the steps described in the integration. The API is showing that requests from Azure are OK, but the logs in Kibana come with something like 7 days of delay, so we don't know if this is a configuration issue on the Azure side. Has anyone experienced that? I attached an image with the logs that we are receiving.
Yes, that's why we are confused: we have another cluster with the same setup, but there the logs come in real time. This is with an Elastic Agent; we are using the Microsoft 365 integration.
So maybe someone has experienced this before; maybe it's not related to Elastic and is instead on the Microsoft side.
Barring any issues with your API, this could be the one Microsoft thing that I've seen over the years: Microsoft does not guarantee timely delivery of logs to their API. I've seen logs come in a year late before, just because that's when whatever goes on in their backend finally coughed up the logs to the API. I've seen many people think they are going to get Microsoft to fix this by opening tickets with them; it has yet to change in the years I've been in security and looking at Microsoft logs every day.
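An added example, not code from Elastic or from any poster in this thread: a small script that splits the observed delay into the time the event spent at Microsoft before the agent fetched it and the time it spent in the Elastic pipeline afterwards. It assumes ECS-shaped documents as the Elastic Agent stores them, with `@timestamp` carrying Microsoft's CreationTime, `event.created` the time the agent read the event from the Management Activity API, and `event.ingested` the time Elasticsearch indexed it; those field roles and the sample documents are assumptions made for the example, not facts established by the thread.

```python
"""Split Microsoft 365 log delay into an API stage and a pipeline stage.

Added example for this thread, not code from Elastic or from any poster.
Assumes ECS-shaped documents as stored by the Elastic Agent Microsoft 365
integration, where @timestamp carries Microsoft's CreationTime for the
event, event.created is when the agent fetched it from the Management
Activity API, and event.ingested is when Elasticsearch indexed it.
The sample documents below are constructed, not real data.
"""
from datetime import datetime, timedelta, timezone
from statistics import median

# Constructed sample: two events fetched minutes after they happened and two
# that Microsoft's API only released about a week later.
SAMPLE_DOCS = [
    {"@timestamp": "2024-03-10T08:00:00Z",
     "event": {"created": "2024-03-10T08:12:00Z", "ingested": "2024-03-10T08:12:05Z"}},
    {"@timestamp": "2024-03-10T09:30:00Z",
     "event": {"created": "2024-03-10T09:41:00Z", "ingested": "2024-03-10T09:41:03Z"}},
    {"@timestamp": "2024-03-03T14:00:00Z",
     "event": {"created": "2024-03-10T15:05:00Z", "ingested": "2024-03-10T15:05:02Z"}},
    {"@timestamp": "2024-03-02T22:15:00Z",
     "event": {"created": "2024-03-10T15:05:00Z", "ingested": "2024-03-10T15:05:02Z"}},
]

LATE = timedelta(days=1)  # an event older than this at fetch time counts as "late"


def parse_ts(value: str) -> datetime:
    """Parse an ISO-8601 timestamp; accepts the trailing 'Z' Microsoft emits."""
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    return datetime.fromisoformat(value).astimezone(timezone.utc)


def stage_lags(doc: dict) -> dict:
    """Seconds spent before the agent saw the event, and inside the pipeline."""
    occurred = parse_ts(doc["@timestamp"])
    fetched = parse_ts(doc["event"]["created"])
    indexed = parse_ts(doc["event"]["ingested"])
    return {
        "api_lag_s": (fetched - occurred).total_seconds(),
        "pipeline_lag_s": (indexed - fetched).total_seconds(),
    }


def lag_report(docs) -> dict:
    """Aggregate per-stage lag so the two failure modes can be told apart.

    A large api_lag with a small pipeline_lag means the events were already
    old when the agent received them from Microsoft; the reverse points at
    the agent, the ingest pipeline, or Elasticsearch itself.
    """
    lags = [stage_lags(d) for d in docs]
    api = [lag["api_lag_s"] for lag in lags]
    pipe = [lag["pipeline_lag_s"] for lag in lags]
    threshold = LATE.total_seconds()
    return {
        "count": len(lags),
        "median_api_lag_s": median(api),
        "max_api_lag_s": max(api),
        "late_at_api": sum(1 for s in api if s >= threshold),
        "max_pipeline_lag_s": max(pipe),
        "late_in_pipeline": sum(1 for s in pipe if s >= threshold),
    }


def likely_source(report: dict) -> str:
    """Name the stage that produced the late events, or 'none'."""
    if report["late_in_pipeline"]:
        return "ingest pipeline"
    if report["late_at_api"]:
        return "upstream (Microsoft API)"
    return "none"


if __name__ == "__main__":
    rep = lag_report(SAMPLE_DOCS)
    print(rep)
    print("likely source of delay:", likely_source(rep))
```

Run it against a few hundred documents exported from the slow cluster and the fast one; if the slow cluster shows a large `api_lag` with a `pipeline_lag` of seconds, the events were already a week old when the agent received them, which is the Microsoft-side behaviour described in the reply above rather than anything to fix in the integration.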