Share via

Logs are ingested with a delay in Graph API

Sayed Sadiq 5 Reputation points
Sep 13, 2023, 9:17 PM

We use MS Graph API to fetch events from other log sources into our SIEM. Basically, many events are loaded into the Graph API with a delay.

Refer: https://learn.microsoft.com/en-us/answers/questions/1192952/graph-api-event-availability-latency

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
13,404 questions
0 comments No comments
{count} vote

1 answer

Sort by: Most helpful
  1. Vasil Michev 116.1K Reputation points MVP
    Sep 14, 2023, 6:52 AM

    Welcome to the cloud :) None of the audit logs are generated in real time, you can expect a delay from few minutes to up to a day, depending on the workload. In fact, Microsoft no longer publishes SLAs for those. I tried crawling some old documentation and gathered the values reported therein: https://www.michev.info/blog/post/5749/microsoft-365-azure-ad-audit-logs-and-reports-latency-data

    Needless to say, those are not officially supported SLAs and might be quite outdated by now (some sources were few years old).

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.