I want to ingest the Microsoft Teams logs using the Microsoft Office 365 Audit Source.
I have configured the Microsoft Office 365 Audit source as per this doc.
Currently, under Microsoft Office 365 Audit Source in SumoLogic, I see the content types below, but there is nothing for Microsoft Teams:
- Office 365 Azure AD logs
- Office 365 Exchange logs
- Office 365 SharePoint logs
- Office 365 General logs
Microsoft Teams logs fall under "Office 365 General logs".
Please make sure that auditing is turned ON in Teams. Please see the MS documentation below.
Once this is done, you can find the Microsoft Teams logs under the workload "MicrosoftTeams". The query would be similar to the one below; just replace the collector and source name:
_source=<source name> and _collector=<collector name>
| json "Workload"
| where Workload="MicrosoftTeams"