Elastic - alerting

Hello,

I have an enterprise license within elastic.
I have an O365 agent deployed that collects logs. I can view them using dashboards.
How do I set up the logs from O365 to go through a connector to mail, please? If there is any error or anomaly, send mail to a certain address.
What do I need to do for this, and where can I set this up? Does anyone have experience with this? Is everything set in Elastic via the GUI? Do I need to set anything in Entra (AAD) on the application, or something on the VM server where the logs go? Is Kibana designed for this alerting?

Thank you for any advice

Have a nice day

Hi Martin

Yes, of course. Any aspect of your log collection can be made into an alert, assuming you can define a rule/threshold to invoke the alert.

There are a few parts to the alerting process:

  1. Define a connector that any defined alert rules can use to notify you (email, Slack, etc.).
  2. Define the rule for the alert. This includes what data you are looking at, what aspect of the data is important (i.e. count the number of logs with the word "ERROR" in them, or sum up a field called "bytes" over time, etc.), the condition that makes it alertable (i.e. the threshold), and the desired action (via a connector) that you want to invoke for that rule (i.e. email, etc.).
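The two steps above, expressed against the Kibana alerting REST API, as an added example that is not part of the original thread and not Elastic's own code. It builds the body for an `.email` connector (step 1) and for an Elasticsearch query rule that counts failed O365 audit events in a time window and emails through that connector when the count crosses a threshold (step 2). The Kibana URL, SMTP host, mail addresses and API key are placeholders; the data stream name `logs-o365.audit-*` and the field names `event.outcome` / `o365.audit.ResultStatus` are assumptions about the O365 integration's output and should be checked against your own documents in Discover before the rule goes live.

```python
"""Added example (not from the original thread): build, and optionally submit,
the two objects the answer describes, an email connector and an Elasticsearch
query rule that fires it, through the Kibana REST API.

Assumptions (not stated in the thread): Kibana 8.x, the O365 integration
writing to the data stream logs-o365.audit-*, an API key with alerting
privileges, and an SMTP relay reachable from Kibana. Hosts, addresses and the
field names in the query are placeholders.
"""
import json
import os
import urllib.request

KIBANA_URL = os.environ.get("KIBANA_URL", "https://kibana.example.internal:5601")  # placeholder
API_KEY = os.environ.get("ELASTIC_API_KEY", "")
O365_INDEX = "logs-o365.audit-*"  # data stream written by the O365 integration (assumption)


def email_connector_payload(name="o365-alert-mail", sender="alerts@example.com",
                            smtp_host="smtp.example.com", smtp_port=587,
                            user=None, password=None):
    """Body for POST /api/actions/connector creating a .email connector.
    SMTP credentials go under 'secrets' so Kibana stores them encrypted."""
    body = {
        "name": name,
        "connector_type_id": ".email",
        "config": {"from": sender, "host": smtp_host, "port": smtp_port,
                   "secure": False,            # port 587: STARTTLS, not TLS-on-connect
                   "hasAuth": user is not None},
    }
    if user is not None:
        body["secrets"] = {"user": user, "password": password}
    return body


def error_query():
    """Query DSL for 'any O365 audit event that failed'.
    event.outcome and o365.audit.ResultStatus are assumed integration fields."""
    return {"query": {"bool": {
        "minimum_should_match": 1,
        "should": [
            {"term": {"event.outcome": "failure"}},
            {"match": {"o365.audit.ResultStatus": "Failed"}},
        ],
    }}}


def es_query_rule_payload(connector_id, recipients, threshold=0, window_minutes=5):
    """Body for POST /api/alerting/rule: an Elasticsearch query rule that runs
    error_query() over the last window every window and emails when the hit
    count exceeds `threshold`. 'query matched' is the .es-query action group."""
    return {
        "name": "O365 audit errors",
        "rule_type_id": ".es-query",
        "consumer": "alerts",
        "schedule": {"interval": f"{window_minutes}m"},
        "params": {
            "index": [O365_INDEX],
            "timeField": "@timestamp",
            "esQuery": json.dumps(error_query()),   # the rule takes the DSL as a string
            "size": 100,
            "threshold": [threshold],
            "thresholdComparator": ">",
            "timeWindowSize": window_minutes,
            "timeWindowUnit": "m",
        },
        "actions": [{
            "group": "query matched",
            "id": connector_id,
            "params": {
                "to": list(recipients),
                "subject": "[Elastic] O365 audit errors in the last "
                           "{{rule.params.timeWindowSize}} min",
                "message": "{{context.value}} failed O365 events matched rule "
                           "{{rule.name}}: {{context.link}}",
            },
        }],
    }


def kibana_post(path, body):
    """POST JSON to Kibana. The kbn-xsrf header is mandatory on write requests."""
    req = urllib.request.Request(
        KIBANA_URL + path, data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json", "kbn-xsrf": "true",
                 "Authorization": f"ApiKey {API_KEY}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def main():
    connector = kibana_post("/api/actions/connector", email_connector_payload(
        user=os.environ.get("SMTP_USER"), password=os.environ.get("SMTP_PASS")))
    rule = kibana_post("/api/alerting/rule",
                       es_query_rule_payload(connector["id"], ["secops@example.com"]))
    print("created rule", rule["id"], "using connector", connector["id"])


if __name__ == "__main__":
    main()
```

Both objects can equally be created by hand under Stack Management > Connectors and Stack Management > Rules; the API bodies above mirror the fields those forms ask for, and the connector's "Test" button is the quickest way to confirm the SMTP relay accepts mail from Kibana before relying on the rule. The rule itself still needs the O365 integration to have data in the window, so check the data stream name and the outcome fields in Discover first.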