Verify Data is Arriving in LogScale
Once you have completed the above steps the Microsoft 365™ logs should be arriving in your LogScale repository.
You can verify this by doing a simple search for #logtype =
"microsoft365" to see the events and check the
category field to observe if
events are present from all the expected Defender for Office 365 data
sets.
You should see the events as in the below screenshot.
Figure 355. Verify Data
You can also check that the dashboards are beginning to populate with data
Note
Some dashboard widgets have a default time period of 30 days but for simpler testing you can select a shared time of the last 1 hour which makes it easier to see the data when only recently arrived in LogScale.
Figure 356. Verify Data - Last hour