MS Office 365 beat


I'm trying to find a scenario to get logs(audit, security) from Office365.
O365 have an API called : Office365 Management Logs
so how to collect these logs and send it to logstash via filebeat

i resume

O365 API <= API client => .logfile <=filebeat=> logstash=>ES cluster ? correct ?

thnak you :slight_smile:

Someone else was asking this too in Offcice 365 with beat?.

I think you could do then entirely with a custom Beat that subscribes to the feed over HTTPS and publishes the events. We have a developer guide if you want to try building one and there are numerous other community developed Beats.

1 Like

@saif It's correctly!

1 Like

This topic was automatically closed after 21 days. New replies are no longer allowed.