Hi Pedro, I was just having the same issue. And I also found an article on the Microsoft page telling that those logs are always 24h delayed: https://docs.microsoft.com/en-us/office/office-365-management-api/office-365-service-communications-api-reference

They also say there that we need to use the messages to get new updates during the day. So I modified the search in the "Microsoft 365 App for Splunk" app. They are using at the moment this search to display the latest status:

    index=azure `o365_service_status`
    | stats latest(FeatureStatus{}.FeatureServiceStatusDisplayName) AS Status by WorkloadDisplayName
    | rename WorkloadDisplayName AS Workload
    | sort - Status

If I update it to this search, it works for me:

    (index=azure (sourcetype="o365:service:status" OR (sourcetype="o365:service:message" FeatureDisplayName="*")))
    | stats latest(Status) AS Status by WorkloadDisplayName
    | rename WorkloadDisplayName AS Workload
    | sort - Status

As you can see, I had to use the other sourcetype, plus another field in the stats. Hope that helps you too.
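Since the status sourcetype lags a day behind, a useful follow-up check is to show how old the latest event per workload actually is and which sourcetype it came from. The search below is an added example, not part of the reply above or of the Microsoft 365 App for Splunk; it assumes the same index, sourcetypes and field names the reply uses, and only adds standard SPL functions on `_time` and `sourcetype`.

```spl
(index=azure (sourcetype="o365:service:status" OR (sourcetype="o365:service:message" FeatureDisplayName="*")))
| stats latest(Status) AS Status, latest(_time) AS LastSeen, latest(sourcetype) AS Source by WorkloadDisplayName
| eval AgeHours=round((now()-LastSeen)/3600,1)
| eval Freshness=if(AgeHours>24, "stale (>24h)", "current")
| rename WorkloadDisplayName AS Workload
| table Workload Status Source LastSeen AgeHours Freshness
| convert ctime(LastSeen)
| sort - AgeHours
```

Workloads whose only source is `o365:service:status` will typically show as stale, which makes it easy to see where the message sourcetype is not arriving.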