Dashboard and visualizations not working - error with fields.keyword about o365beat HOT 5 CLOSED

After fixing the first error by renaming the index pattern ID , one of the dashboard saved searches started working , which is o365 alerts

But the issue seems to be with the remaining ones that are using user.id.keyword and client.ip.keyword.

Any help on this is appreciated. Thanks in advance.

from o365beat.

@Rajprince2793 please how do you make a connection with Azure API
can you send me please your config file and all steps to fixe my issues ?
please contat me [email protected]

from o365beat.

@aymenwerg If you're having trouble with the O365 beat config file , you can reference this link below

https://vizion.ai/forum/topic/o365beat-for-windows/

Make sure a custom application ( for SIEM ) is created on Azure AD by following the steps here

https://docs.microsoft.com/en-us/office/office-365-management-api/get-started-with-office-365-management-apis#register-your-application-in-azure-ad

Below is the key piece of the config that you need to obtain from the app you configured

tenant_domain: ${O365BEAT_TENANT_DOMAIN:your tenant domain here}
client_secret: ${O365BEAT_CLIENT_SECRET:your client secret here}
client_id: ${O365BEAT_CLIENT_ID:your client id here} # aka application id (GUID)
directory_id: ${O365BEAT_DIRECTORY_ID:your directory id here} # aka tenant id (GUID)
registry_file_path: ${O365BEAT_REGISTRY_PATH:./o365beat-registry.json}

from o365beat.

@chris-counteractive Must have missed to tag you on the post , sorry about that

from o365beat.

In researching another issue, I realized (a few months late) that filebeat now supports o365 with an official module, as of v7.7.0. It supports a variety of visualizations out of the box, and will surely stay more current with the latest updates to the Elastic Stack, including Kibana.

Given there's an "official solution" to visualization, I'm going to close this issue, please let me know if you have any further questions. Thanks!

from o365beat.