Hello,
I'm trying to find a scenario to get logs(audit, security) from Office365.
O365 have an API called : Office365 Management Logs
so how to collect these logs and send it to logstash via filebeat
i resume
O365 API <= API client => .logfile <=filebeat=> logstash=>ES cluster ? correct ?
thnak you 
Someone else was asking this too in Offcice 365 with beat?.
I think you could do then entirely with a custom Beat that subscribes to the feed over HTTPS and publishes the events. We have a developer guide if you want to try building one and there are numerous other community developed Beats.
@saif It's correctly!
This topic was automatically closed after 21 days. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.