Hello Alessandro,
How are you confirming the delay?
Check the event start time, storage time and log source time of the latest event.
- If the start time and storage time are the same as now and the log source time is old, then you might have a huge number of events on Office 365; check the EPS Throttle set on the log source.
- If you are seeing a difference between start time and storage time, that means parsing is not happening at the desired speed due to a performance issue, and hence fine-tuning is required. Try raising a case with Support to investigate this further.
------------------------------
Vishal Tangadkar
IBM INDIA PVT LTD
------------------------------
Original Message:
Sent: Fri February 21, 2025 05:40 AM
From: Alessandro D'Amelio
Subject: Significant Delay in O365 Log Collection on QRadar On-Prem
Hello everyone,
We have noticed that our Office 365 integration with QRadar On-Prem is experiencing hundreds of hours of delay in log collection. The logs are arriving extremely late, which is impacting our monitoring and analysis.
Has anyone encountered a similar issue? Are there any best practices or configurations we should check to resolve this delay?
Any insights or recommendations would be greatly appreciated!
Thanks in advance.
------------------------------
Alessandro D'Amelio
------------------------------