How to check Microsoft 365 service health

Hello experts!
I have a question - How to check Microsoft 365 service health?
As far as I know, there is a module for auditing logs in the filebeat. But I would like to get the status of o365 services. Is there such a possibility or perhaps someone has already implemented this case?
Perhaps this can be done with logstash?

so far, I have not found modules that will help in solving my problem.
Now I'm using - http_poller.
But this method, in my opinion, requires a preliminary conversion from json to csv, since the state of the services is returned in one message. Any ideas on this?

I found a workaround how to get partially automatic status from o365. But I have a problem with accessing the ELK database and getting a specific field with a token to form a further request to connect to the api :frowning:

Hi @San9,

If you consider this as a useful feature, feel free to open an improvement issue in the Beats repository. Thanks!

Hi mtojek!
Thanks for the answer. For I found a lot of similar overgrowths like mine, but no one could, as far as I understood, perform connections directly due to Authorization and oauth2 problems. It would be nice to implement this, as I think there will be many similar requests. I solved my problem of connecting to the ELK database. I used a different tool and I was able to successfully get a token from the database and use it to connect to o365 and get the status of services. Now I have a problem with the correct parsing of the received message.

split - Only String and Array types are splittable. field:body is of type = Hash
[DEBUG] 2021-12-22 10:10:04.204 [[main]>worker0] mutate - filters/LogStash::Filters::Mutate: removing field {:field=>"access_token"}

split - Only String and Array types are splittable. field:value is of type = NilClass
[DEBUG] 2021-12-22 10:18:03.359 [[main]>worker0] mutate - filters/LogStash::Filters::Mutate: removing field {:field=>"access_token"}

I think you need to dig in the Logstash documentation. I remember that there was a config option to drop messages that don't fit the pattern.

Thanks, I solved this problem

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.