We have Cloud App Security (CAS) Alerts set to be pulled at an interval of every 5 minutes. This was the default when we set it up. What we're finding is that the same alert is being pulled every 5 minutes. The alert ID and URL are both identical, and so is all the content.
Here's the inputs.conf snippet:
[splunk_ta_o365_cloud_app_security://CAS_Alerts]
content_type = Alerts
index = o365
interval = 300