Is possible to use Filebeat o365 plugin on "offline" data

Jirka_Liska · April 14, 2023, 10:30am

Hello community!

I have recently discovered o365 module for Filebeat (Office 365 module | Filebeat Reference [8.7] | Elastic).
My question is: is it possible to use it for offline data?
I'm interested to have it since it's parse data in ECS and also I would love to use its dashboard.
Offline data for me means - export UAL logs from https://compliance.microsoft.com/ in CSV and use Filebeat to grab it and import to Elastic stack. I'm not interested in monitoring live data rather I want to work on data I actually need.

Thanks in advance!

Rios · April 14, 2023, 1:25pm

If you will manually transfer logs from your location to FB like a dedicated directory, then FB will process in the service mode or only run FB when you copy logs.
Since you have logs in CSV format, you can directly do it in Kibana.

system · May 12, 2023, 3:25pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
MS Office 365 beat Beats	3	4383	November 21, 2017
Offcice 365 with beat? Beats	6	2266	August 22, 2017
O365beat v1.2.0 released - Office 365 log shipper Community Ecosystem	9	6538	June 23, 2020
Office 365 Module , Filebeat, Logstash, and Elastic Search Beats beats-module , filebeat	4	466	July 16, 2021
Office 365 Filebeat Module - Improve ECS utilization Beats ecs-elastic-common-schema , filebeat	3	666	October 25, 2022

Is possible to use Filebeat o365 plugin on "offline" data

Related topics