All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

CurrentStatus Logs from Service Communications API in Office 365 Addon & CloudServices Addon - Log Delay

adityapavan18
Contributor
‎12-12-2018 09:52 AM

The logs ingested from endpoint "https://manage.office.com/api/v1.0/tenantid/ServiceComms/CurrentStatus" in splunk via Splunk Addon from Cloud Services & Splunk Addon for Microsoft Office 365 both are a day old.

Logs for CurrentStatus endpoint show events which have a 24 hour old timestamp. Is this a bug in the add-on? or does Microsoft Current Status Logs from API can only give you details for 24hours old data.

Indextime shows current datettime - 2018-12-11 12:45:19.207
But the actual _time on the event shows 2018-12-11 12:45:19.207

Is this a splunk bug?

0 Karma
Reply

melvinfuglem
Explorer
‎06-26-2019 03:09 AM

This is not a splunk bug. The CurrentStatus response will contain the status and any incidents within the previous 24 hours. The StatusDate or StatusTime value returned will be exactly 24 hours in the past. So Current Status is acctually yesterdays Status.

https://docs.microsoft.com/en-us/office/office-365-management-api/office-365-service-communications-...

0 Karma
Reply

brittainybarnes
Engager
‎02-12-2019 02:34 PM

It's actually a feature built-in to O365. There are certain audits that are generated within 30 minutes, and others that take 24 hours.
See here: https://docs.microsoft.com/en-us/office365/securitycompliance/search-the-audit-log-in-security-and-c...

0 Karma
Reply

laurennt
New Member
‎03-18-2019 09:02 AM

This does not really answer the OPs question as CurrentStatus is not a function of auditing users. It is the status of the service we are having the same issue and trying to determine why it is 24 hours behind when Epoch time it is requesting is current

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...