Logs are ingested with a delay in Graph API

Sayed Sadiq 5 Reputation points
2023-09-13T21:17:20.0833333+00:00

We use MS Graph API to fetch events from other log sources into our SIEM. Basically, many events are loaded into the Graph API with a delay.

Refer: https://learn.microsoft.com/en-us/answers/questions/1192952/graph-api-event-availability-latency

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
11,834 questions
0 comments No comments
{count} vote

1 answer

Sort by: Most helpful
  1. Vasil Michev 103.9K Reputation points MVP
    2023-09-14T06:52:01.1433333+00:00

    Welcome to the cloud :) None of the audit logs are generated in real time, you can expect a delay from few minutes to up to a day, depending on the workload. In fact, Microsoft no longer publishes SLAs for those. I tried crawling some old documentation and gathered the values reported therein: https://www.michev.info/blog/post/5749/microsoft-365-azure-ad-audit-logs-and-reports-latency-data

    Needless to say, those are not officially supported SLAs and might be quite outdated by now (some sources were few years old).

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.