Hello,
We use Filebeat's module for Office 365 to gather audit logs and send them to our SIEM.
We detected multiple errors in the module's logs. We can read "Event created before query" (with a little bit more information around). We need to understand the impact of this error (lost logs, logs in double, etc.).
We are wondering if anybody got this error also and if so, what is this error and what can be done to resolve it.
Here is the link to the module we use:
The filebeat version used is 7.13.4