I'm trying to find a scenario to get logs (audit, security) from Office365.
O365 has an API called: Office365 Management Logs
So how do I collect these logs and send them to Logstash via Filebeat?
To summarize:
O365 API <= API client => .logfile <= filebeat => logstash => ES cluster? Correct?
I think you could do this entirely with a custom Beat that subscribes to the feed over HTTPS and publishes the events. We have a developer guide if you want to try building one, and there are numerous other community-developed Beats.
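The `API client => .logfile` stage of the pipeline sketched in the question, as an added example that is not part of the original thread: it appends audit records to a file as one JSON object per line and skips records already written. Assumptions: the records have already been fetched from the API (the fetch is left out so this runs offline), and the function name, file names and sample records are constructed for illustration.

```python
import json
import os

# Constructed sample records (not real tenant data); values are made up.
BATCH_1 = [
    {"Id": "00000000-0000-0000-0000-000000000001", "Workload": "AzureActiveDirectory",
     "Operation": "UserLoggedIn", "UserId": "alice@example.com"},
    {"Id": "00000000-0000-0000-0000-000000000002", "Workload": "SharePoint",
     "Operation": "FileAccessed", "UserId": "bob@example.com",
     "ObjectId": "report\nv2.docx"},  # embedded newline in a field value
]
# A later poll with an overlapping time window: one repeat, one new record.
BATCH_2 = [
    BATCH_1[1],
    {"Id": "00000000-0000-0000-0000-000000000003", "Workload": "Exchange",
     "Operation": "MailboxLogin", "UserId": "carol@example.com"},
]


def append_new_records(records, log_path, state_path):
    """Append unseen records to log_path, one JSON object per line.

    Returns the number of lines written. Record ids already listed in
    state_path are skipped so re-polled records are not shipped twice.
    Records without an Id are always written rather than dropped.
    """
    seen = set()
    if os.path.exists(state_path):
        with open(state_path, encoding="utf-8") as fh:
            seen = {line.strip() for line in fh if line.strip()}
    written = 0
    with open(log_path, "a", encoding="utf-8") as log, \
            open(state_path, "a", encoding="utf-8") as state:
        for rec in records:
            rec_id = rec.get("Id")
            if rec_id is not None:
                if rec_id in seen:
                    continue
                seen.add(rec_id)
                state.write(rec_id + "\n")
            # json.dumps escapes control characters, so a newline inside a
            # field cannot split one event into two lines in the log file.
            log.write(json.dumps(rec, sort_keys=True) + "\n")
            written += 1
    return written


if __name__ == "__main__":
    print(append_new_records(BATCH_1, "o365_audit.log", "o365_audit.seen"))
    print(append_new_records(BATCH_2, "o365_audit.log", "o365_audit.seen"))
```

Filebeat can then tail the log file and treat each line as one JSON event.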