I'm trying to find a scenario to get logs(audit, security) from Office365.
O365 have an API called : Office365 Management Logs
so how to collect these logs and send it to logstash via filebeat
O365 API <= API client => .logfile <=filebeat=> logstash=>ES cluster ? correct ?
Someone else was asking this too in Offcice 365 with beat?.
I think you could do then entirely with a custom Beat that subscribes to the feed over HTTPS and publishes the events. We have a developer guide if you want to try building one and there are numerous other community developed Beats.
This topic was automatically closed after 21 days. New replies are no longer allowed.