All Apps and Add-ons

what are the conditions duplicate log occurs on microsoft office 365

Loves-to-Learn Everything

Heavy Forwarder is installed to acquire Azure AD logs. Add-on uses the following. Splunk Add-on for Microsoft Office 365 Please tell me the following description of the above Add-on troubleshooting. It is a recognition that duplicate log capture may occur, What are the conditions under which duplicate logs occur? 

Labels (1)
Tags (1)
0 Karma


Not quite sure as to what exactly are you asking, but the condition when the logs get duplicated are:

1. Two inputs querying the same eventhub or graph API to get the same sets of logs.

2. Using additional add ons like MS Azure Add on along with  to query the O365 Add on to get the logs.

3. Getting rid of the the last saved checkpoint, which then makes the add on read everything from the scratch as per the timeline of how far are you looking for logs while setting up the add on.




Thank you,
###If you found the answer helpful, kindly consider upvoting/accepting it as the answer as it helps other Splunkers find the solutions to similar issues###
Get Updates on the Splunk Community!

Understanding Generative AI Techniques and Their Application in Cybersecurity

Watch On-Demand Artificial intelligence is the talk of the town nowadays, with industries of all kinds ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Using the Splunk Threat Research Team’s Latest Security Content

REGISTER HERE Tech Talk | Security Edition Did you know the Splunk Threat Research Team regularly releases ...