We have updated our Terms of Service, Code of Conduct, and Addendum.

Office 365 Activity Logs


Any good debugging steps for the O365 activity log source. We set it up correctly could validate the tokens but even with a poll intervall of 1 Min I am not getting any data nor any logs. Would appreciate any debugging steps to help me understand the mess I created.


  • CriblNinja
    CriblNinja Posts: 5

    You have to create an app in O365. The app has to have appropriate read permissions to the activity logs, then you have to have a source that is enabled.

    After you set up the App in O365 you have to send a curl command to start your O365 Content Subscription. (This is a 2 step process). Once you get a working app, with appropriate permissions and a content subscription activated you should be able to make api calls

    The steps to complete the setup can be found here: Office 365 Activity | Cribl Docs