Any good debugging steps for the O365 activity log source. We set it up correctly could validate the tokens but even with a poll intervall of 1 Min I am not getting any data nor any logs. Would appreciate any debugging steps to help me understand the mess I created.
Page 1 / 1
You have to create an app in O365. The app has to have appropriate read permissions to the activity logs, then you have to have a source that is enabled.
After you set up the App in O365 you have to send a curl command to start your O365 Content Subscription. (This is a 2 step process). Once you get a working app, with appropriate permissions and a content subscription activated you should be able to make api calls
The steps to complete the setup can be found here: Office 365 Activity | Cribl Docs
Reply
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.