Problem:
I want to ingest the Microsoft Teams logs using Microsoft Office 365 Audit Source.
I have configured the Microsoft Office 365 Audit source as per this doc.
Currently, under Microsoft Office 365 Audit Source in SumoLogic, I see the content types below, but there is nothing for Microsoft Teams:
- Office 365 Azure AD logs
- Office 365 Exchange logs
- Office 365 SharePoint logs
- Office 365 General logs
Resolution:
Microsoft Teams logs fall under "Office 365 General logs".
Make sure that auditing is turned ON in Teams. See the Microsoft documentation below:
https://docs.microsoft.com/en-us/microsoftteams/audit-log-events#teams-activities
Once this is done, you can find the Microsoft Teams logs under the workload "MicrosoftTeams". The query would be similar to the one below; replace the source and collector names with your own:
_source=<source name> and _collector=<collector name>
| json "Workload"
| where Workload="MicrosoftTeams"
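To check the same thing offline on a handful of exported records, the following added example (not part of the original article or of Sumo Logic's tooling) counts records per Workload and lists the operations seen for "MicrosoftTeams". The function name `summarize_general_logs` and all sample records are constructed for illustration; it goes slightly beyond the query by also reporting every workload present and any records it could not parse.

```python
import json
from collections import Counter

# Constructed sample of "General" audit records, one JSON object per line.
# Field names follow the Office 365 audit record layout; values are made up.
SAMPLE_LINES = [
    '{"CreationTime":"2021-03-01T10:00:00","Operation":"TeamCreated","Workload":"MicrosoftTeams","UserId":"alice@example.com"}',
    '{"CreationTime":"2021-03-01T10:05:00","Operation":"MemberAdded","Workload":"MicrosoftTeams","UserId":"alice@example.com"}',
    '{"CreationTime":"2021-03-01T10:06:00","Operation":"MemberAdded","Workload":"MicrosoftTeams","UserId":"bob@example.com"}',
    '{"CreationTime":"2021-03-01T10:07:00","Operation":"ViewReport","Workload":"PowerBI","UserId":"carol@example.com"}',
    '{"CreationTime":"2021-03-01T10:08:00","Operation":"AlertTriggered","UserId":"system"}',
    '{"CreationTime":"2021-03-01T10:09:00","Operation":"Trunc',
]


def summarize_general_logs(lines, workload="MicrosoftTeams"):
    """Count records per Workload, and per Operation for one workload.

    Returns (workload_counts, operation_counts, skipped). Records that are
    not valid JSON objects, or that lack a string Workload field, are counted
    in `skipped` so a parsing problem is not mistaken for "no Teams events".
    """
    workload_counts, operation_counts, skipped = Counter(), Counter(), 0
    for line in lines:
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1
            continue
        if not isinstance(record, dict) or not isinstance(record.get("Workload"), str):
            skipped += 1
            continue
        workload_counts[record["Workload"]] += 1
        # Exact match on the workload name given in the article.
        if record["Workload"] == workload:
            operation_counts[record.get("Operation", "<missing>")] += 1
    return workload_counts, operation_counts, skipped


if __name__ == "__main__":
    workloads, teams_ops, skipped = summarize_general_logs(SAMPLE_LINES)
    print("Workloads seen in General logs:", dict(workloads))
    print("Teams operations:", dict(teams_ops))
    print("Skipped records:", skipped)
    if "MicrosoftTeams" not in workloads:
        print("No Teams records found: confirm auditing is turned ON in Teams.")
```

If "MicrosoftTeams" is absent from the workload counts while other workloads are present, the source is collecting General logs and the gap is on the Teams auditing side.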