Dec 12 2019 07:47 AM - last edited on Dec 23 2021 04:47 AM by TechCommunityAP
I've posted a similar question on the Log Analytics forum, as I believe that this has more to do with it than with Sentinel, so I apologize for the double posting.
I have at least two instances where I receive OfficeActivity logs from Office 365 yet, when I try to query it, the table cannot be found:
Example query:
Result:
'take' operator: Failed to resolve table or column expression named 'OfficeActivity'
The connector was configured several days ago and I know that the logs are received:
While I tried to connect from 3 different ISPs with no luck, it seems that from some locations the data is accessible, so it must be something about these tables being replicated through Azure. I have the Contributor role on the subscription.
On another Sentinel instance, I'm able to get the OfficeActivity query results if I try to submit it 3-4 times.
Any thoughts?
Dec 18 2019 10:17 AM
Please open a support ticket. This sounds like a bug.