I have O365 logs in Splunk. I want to find all shared files/folders plus display sensitivity labels of these files.
All valuable information is in the same source type (sourcetype="o365:management:activity") but in separate log rows.
I want to see on my dashboard:
CreationTime; ObjectId; Operation; SensitivityLabelId; Location; ProcessName; ProductVersion
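
One way to bring the separate rows together, as an added example that is not part of the original post: group the events by `ObjectId` and keep only the objects that have at least one sharing event. It assumes that sharing events have an `Operation` value starting with `Sharing`, and that the sharing event and the event carrying `SensitivityLabelId` report the same `ObjectId` for a given file; adjust both to match the data.

```spl
sourcetype="o365:management:activity" (Operation="Sharing*" OR SensitivityLabelId=*)
| eval is_share=if(like(Operation, "Sharing%"), 1, 0)
| eval share_time=if(is_share=1, CreationTime, null())
| stats max(is_share) AS shared
        min(share_time) AS CreationTime
        values(Operation) AS Operation
        values(SensitivityLabelId) AS SensitivityLabelId
        values(Location) AS Location
        values(ProcessName) AS ProcessName
        values(ProductVersion) AS ProductVersion
        BY ObjectId
| where shared=1
| table CreationTime ObjectId Operation SensitivityLabelId Location ProcessName ProductVersion
```

`CreationTime` in the result is the first sharing event for each object. Rows with an empty `SensitivityLabelId` are shared objects for which no label event was found in the search window.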