Hello,
I'm experiencing an issue with the Splunk TA for O365, in particular with the SharePoint Management Activity Logs.
The issue is this:
1) 10:00 AM I activate the input
2) 10:01 AM Splunk starts to collect 10:00 AM events
3) 10:05 AM Splunk continues to collect SharePoint logs but going backward in time! (9:59 AM, 9:58 AM and so on)
4) 11:00 AM Splunk is still collecting logs in the past but the temporary token expires and the input is closed and reopened
5) 11:00 AM Splunk reopens the input
6) 11:01 AM Splunk starts to collect 11:00 AM events
7) JUMP to step 3 but 1 hour later
Do you know how to tell Splunk not to go backward and to start collecting in time?
Regards
Marco