Hi,
we test the o365 integration in elastic. Most works correct, but we don´t see the failed loggins.
We only see the success state.
In O365 it shows alle failed loggins, but no logs in elastic.
ELK Stack: 8.8.2
Integration Version: 1.16.0
Where can I start the debug?
Regards
Hi @helldunkel,
I assume you are using the O365 filebeat plugin rather than a Fleet integration?
Can you see any errors in either the Filebeat logs or Elasticsearch logs?
Hi,
I manage the integrations over fleet. So I think it´s the fleet integration?
I´m realy new in elastic, where I find this relevant logs?
I think the Fleet Agent logs are what you need:
After searching inside our logs we saw the logs are in the database. Only the default dashboard uses the wrong values.
So the integration works, only the dashboard not.
Thanks for sharing the solution @helldunkel. If it's the sample dashboard that comes with the module that you're having issues with I would recommend raising a GitHub issue if you can.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.