This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 78%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAG%3C/text%3E%3C/svg%3E)
Hi, we have an application that get o365 audit logs using activity managment api and keep them in local database. O365 api returns a list of blobs and each blobs contains a group of events.
Till now every time we run the app we kept track of last event timepstamp and next time we only get events from this time.
The problem is in 0365 many events get delayed and can come at a later time like 24 hours later in the current blob or in previous blobs of today, how can we find out a keep track of them?
I though blobs were like rotating logs that once a new blob is created all new events go there but is not like that as an event from last night can appear suddenly in the current blob today at 10 am or in a previously closed blob at 6am.
Can anyone explain how this work? how delayed events get places in blobs and what would be the right way to scan for new events not processed?
@Alberto Gonzalez
Tag “office-itpro” means general issues of Office desktop clients, O365 managment api seems to be related to Azure, which is out of my support scope.
I suggest you add the tag "azure-active-directory".
Hope this information could help you.