Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Move O365audit input to v2 input API #19719

Merged
merged 2 commits into from
Jul 8, 2020
Merged

Move O365audit input to v2 input API #19719

merged 2 commits into from
Jul 8, 2020

Conversation

urso
Copy link

@urso urso commented Jul 7, 2020
edited by andresrc
Loading

  • Refactoring

What does this PR do?

Move o365audit input to use the v2 input API.

The change treats the tuple 'tenantID' and 'contentType' as the stream identifier. The cursor input package starts one go-routine per stream, ensuring that no two inputs can collect events for the same stream.

Not yet documented (not sure if we should): the cursor input manager adds a id setting to each input it manages. The ID settings can be configured manualy and will become part of the stream ID in the statestore. This allows users to configure 2 inputs collecting from the same streams.

(Needs docs): The cursor input manager runs a go-routine in the background deleting old states no input or pending event (to be ACKed by outputs) is active for. Each entry in the store has a TTL. And entry is to be removed if there is no active input, all events for the stream have been acked, and lastUpdateTimestamp + TTL < now. The TTL is configured via clean_timeout. The default clean_timeout is 30 minutes.

The default clean_timeout can be configured by setting 'DefaultCleanTimeout' in the InputManager in the Plugin function.
When the beat is restarted the cleanup will not delete entries yet. Instead the reference time for old entries is set to 'beatStartTimestamp'. After restart old entries that don't get picked up are deleted after beatStartTimestamp + TTL < now.

Why is it important?

This enables the input to store the read positions in the statestore between restarts.

Checklist

  • My code follows the style guidelines of this project
    - [ ] I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
    - [ ] I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Author's Checklist

  • [ ]

How to test this PR locally

@adriansr can you add details about required manual testing please?

Related issues

@urso urso added review needs_backport PR is waiting to be backported to other branches. needs_docs Team:SIEM [zube]: In Review Team:Integrations Label for the Integrations team test-plan Add this PR to be manual test plan labels Jul 7, 2020
@urso urso requested a review from adriansr July 7, 2020 23:14
@elasticmachine
Copy link
Collaborator

Pinging @elastic/integrations (Team:Integrations)

@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Jul 7, 2020
@elasticmachine
Copy link
Collaborator

Pinging @elastic/siem (Team:SIEM)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Jul 7, 2020
@elasticmachine
Copy link
Collaborator

elasticmachine commented Jul 7, 2020
edited
Loading

💚 Build Succeeded

Pipeline View Test View Changes Artifacts preview

Expand to view the summary

Build stats

  • Build Cause: [Pull request #19719 updated]

  • Start Time: 2020-07-07T23:21:19.380+0000

  • Duration: 44 min 16 sec

Test stats 🧪

Test Results
Failed 0
Passed 2404
Skipped 385
Total 2789

adriansr
adriansr approved these changes Jul 8, 2020
View reviewed changes
Copy link
Contributor

@adriansr adriansr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Tested with my o365 account. Works perfect, resumes execution at the time of the last processed event and correctly skips the already ACKed lines.

Thanks for updating this!

@urso urso merged commit 03bedd7 into elastic:master Jul 8, 2020
@urso urso deleted the filebeat-o365audit-input-v2 branch July 8, 2020 11:46
@adriansr
Copy link
Contributor

adriansr commented Jul 8, 2020
edited
Loading

Here's the debug logs for the test.

First run, fetch events starting from a week ago, until a blob of events is found (Audit.Exchange / 48 lines / 2020-07-02T02:xx:xx). Also a blob from Audit.AzureActiveDirectory is found, but filebeat is killed before it's processed.

2020-07-08T13:02:54.624+0200	INFO	[input.o365audit]	compat/compat.go:110	Input o365audit starting
2020-07-08T13:02:55.044+0200	INFO	[input.o365audit]	o365audit/input.go:178	No saved state found. Will fetch events for the last 168h0m0s.	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::DLP.All", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "DLP.All"}
2020-07-08T13:02:55.044+0200	INFO	[input.o365audit]	o365audit/input.go:158	Start fetching events	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::DLP.All", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "DLP.All", "cursor": "cursor{timestamp:2020-07-01 11:02:55.044047 +0000 UTC line:0 start:0001-01-01 00:00:00 +0000 UTC}"}
2020-07-08T13:02:55.044+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-01 11:02:55.044127 +0000 UTC to:2020-07-02 11:02:55.044127 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::DLP.All", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "DLP.All"}
2020-07-08T13:02:55.044+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=DLP.All&endTime=2020-07-02T11%3A02%3A55&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-01T11%3A02%3A55	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::DLP.All", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "DLP.All"}
2020-07-08T13:02:55.081+0200	INFO	[input.o365audit]	o365audit/input.go:178	No saved state found. Will fetch events for the last 168h0m0s.	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:02:55.081+0200	INFO	[input.o365audit]	o365audit/input.go:158	Start fetching events	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange", "cursor": "cursor{timestamp:2020-07-01 11:02:55.081633 +0000 UTC line:0 start:0001-01-01 00:00:00 +0000 UTC}"}
2020-07-08T13:02:55.081+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-01 11:02:55.081667 +0000 UTC to:2020-07-02 11:02:55.081667 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:02:55.081+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=Audit.Exchange&endTime=2020-07-02T11%3A02%3A55&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-01T11%3A02%3A55	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:02:55.138+0200	INFO	[input.o365audit]	o365audit/input.go:178	No saved state found. Will fetch events for the last 168h0m0s.	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.SharePoint", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.SharePoint"}
2020-07-08T13:02:55.138+0200	INFO	[input.o365audit]	o365audit/input.go:158	Start fetching events	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.SharePoint", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.SharePoint", "cursor": "cursor{timestamp:2020-07-01 11:02:55.138133 +0000 UTC line:0 start:0001-01-01 00:00:00 +0000 UTC}"}
2020-07-08T13:02:55.138+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-01 11:02:55.1382 +0000 UTC to:2020-07-02 11:02:55.1382 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.SharePoint", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.SharePoint"}
2020-07-08T13:02:55.138+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=Audit.SharePoint&endTime=2020-07-02T11%3A02%3A55&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-01T11%3A02%3A55	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.SharePoint", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.SharePoint"}
2020-07-08T13:02:55.160+0200	INFO	[input.o365audit]	o365audit/input.go:178	No saved state found. Will fetch events for the last 168h0m0s.	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.AzureActiveDirectory", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.AzureActiveDirectory"}
2020-07-08T13:02:55.160+0200	INFO	[input.o365audit]	o365audit/input.go:158	Start fetching events	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.AzureActiveDirectory", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.AzureActiveDirectory", "cursor": "cursor{timestamp:2020-07-01 11:02:55.16064 +0000 UTC line:0 start:0001-01-01 00:00:00 +0000 UTC}"}
2020-07-08T13:02:55.160+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-01 11:02:55.160683 +0000 UTC to:2020-07-02 11:02:55.160683 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.AzureActiveDirectory", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.AzureActiveDirectory"}
2020-07-08T13:02:55.160+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=Audit.AzureActiveDirectory&endTime=2020-07-02T11%3A02%3A55&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-01T11%3A02%3A55	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.AzureActiveDirectory", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.AzureActiveDirectory"}
2020-07-08T13:02:55.169+0200	INFO	[input.o365audit]	o365audit/input.go:178	No saved state found. Will fetch events for the last 168h0m0s.	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.General", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.General"}
2020-07-08T13:02:55.169+0200	INFO	[input.o365audit]	o365audit/input.go:158	Start fetching events	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.General", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.General", "cursor": "cursor{timestamp:2020-07-01 11:02:55.169549 +0000 UTC line:0 start:0001-01-01 00:00:00 +0000 UTC}"}
2020-07-08T13:02:55.169+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-01 11:02:55.169598 +0000 UTC to:2020-07-02 11:02:55.169598 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.General", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.General"}
2020-07-08T13:02:55.169+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=Audit.General&endTime=2020-07-02T11%3A02%3A55&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-01T11%3A02%3A55	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.General", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.General"}
2020-07-08T13:03:25.412+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=1	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::DLP.All", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "DLP.All"}
2020-07-08T13:03:25.412+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-02 11:02:55.044127 +0000 UTC to:2020-07-03 11:02:55.044127 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::DLP.All", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "DLP.All"}
2020-07-08T13:03:25.412+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=DLP.All&endTime=2020-07-03T11%3A02%3A55&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-02T11%3A02%3A55	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::DLP.All", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "DLP.All"}
2020-07-08T13:03:25.490+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=1	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.AzureActiveDirectory", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.AzureActiveDirectory"}
2020-07-08T13:03:25.490+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-02 11:02:55.160683 +0000 UTC to:2020-07-03 11:02:55.160683 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.AzureActiveDirectory", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.AzureActiveDirectory"}
2020-07-08T13:03:25.490+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=Audit.AzureActiveDirectory&endTime=2020-07-03T11%3A02%3A55&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-02T11%3A02%3A55	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.AzureActiveDirectory", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.AzureActiveDirectory"}
2020-07-08T13:03:25.584+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=1	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.General", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.General"}
2020-07-08T13:03:25.584+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-02 11:02:55.169598 +0000 UTC to:2020-07-03 11:02:55.169598 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.General", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.General"}
2020-07-08T13:03:25.584+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=Audit.General&endTime=2020-07-03T11%3A02%3A55&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-02T11%3A02%3A55	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.General", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.General"}
2020-07-08T13:03:25.617+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=1	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.SharePoint", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.SharePoint"}
2020-07-08T13:03:25.617+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-02 11:02:55.1382 +0000 UTC to:2020-07-03 11:02:55.1382 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.SharePoint", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.SharePoint"}
2020-07-08T13:03:25.618+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=Audit.SharePoint&endTime=2020-07-03T11%3A02%3A55&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-02T11%3A02%3A55	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.SharePoint", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.SharePoint"}
2020-07-08T13:03:26.168+0200	DEBUG	[input.o365audit]	o365audit/listblobs.go:129	+ fetch blob date:2020-07-02 02:06:21.634 +0000 UTC id:20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:26.168+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=2	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:26.168+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch content blob url:https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/audit/20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036 id:20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:26.168+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/audit/20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036?publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:55.826+0200	DEBUG	[input.o365audit]	o365audit/listblobs.go:129	+ fetch blob date:2020-07-03 10:10:41.242 +0000 UTC id:20200703101041242050872$20200703101041242050872$audit_azureactivedirectory$Audit_AzureActiveDirectory$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.AzureActiveDirectory", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.AzureActiveDirectory"}
2020-07-08T13:03:55.826+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=2	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.AzureActiveDirectory", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.AzureActiveDirectory"}
2020-07-08T13:03:55.826+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch content blob url:https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/audit/20200703101041242050872$20200703101041242050872$audit_azureactivedirectory$Audit_AzureActiveDirectory$emea0036 id:20200703101041242050872$20200703101041242050872$audit_azureactivedirectory$Audit_AzureActiveDirectory$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.AzureActiveDirectory", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.AzureActiveDirectory"}
2020-07-08T13:03:55.826+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/audit/20200703101041242050872$20200703101041242050872$audit_azureactivedirectory$Audit_AzureActiveDirectory$emea0036?publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.AzureActiveDirectory", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.AzureActiveDirectory"}
2020-07-08T13:03:55.860+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=1	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.General", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.General"}
2020-07-08T13:03:55.860+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-03 11:02:55.169598 +0000 UTC to:2020-07-04 11:02:55.169598 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.General", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.General"}
2020-07-08T13:03:55.860+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=Audit.General&endTime=2020-07-04T11%3A02%3A55&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-03T11%3A02%3A55	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.General", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.General"}
2020-07-08T13:03:55.893+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=1	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::DLP.All", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "DLP.All"}
2020-07-08T13:03:55.893+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-03 11:02:55.044127 +0000 UTC to:2020-07-04 11:02:55.044127 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::DLP.All", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "DLP.All"}
2020-07-08T13:03:55.893+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=DLP.All&endTime=2020-07-04T11%3A02%3A55&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-03T11%3A02%3A55	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::DLP.All", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "DLP.All"}
2020-07-08T13:03:55.999+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=1	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.SharePoint", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.SharePoint"}
2020-07-08T13:03:55.999+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-03 11:02:55.1382 +0000 UTC to:2020-07-04 11:02:55.1382 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.SharePoint", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.SharePoint"}
2020-07-08T13:03:55.999+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=Audit.SharePoint&endTime=2020-07-04T11%3A02%3A55&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-03T11%3A02%3A55	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.SharePoint", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.SharePoint"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 1: created:2020-07-02T02:03:47 id:4653810f-581b-4a6c-93b8-08d81e2c284a for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 2: created:2020-07-02T02:03:46 id:04f4d7f1-a4bf-4834-91e9-08d81e2c27e0 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 3: created:2020-07-02T02:03:45 id:84f2d41d-ff80-49a5-4936-08d81e2c26ff for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 4: created:2020-07-02T02:03:40 id:e50c8504-66ca-4e7d-05b6-08d81e2c23d0 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 5: created:2020-07-02T02:03:39 id:da4900d4-ecff-41d4-fe37-08d81e2c239d for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 6: created:2020-07-02T02:03:38 id:cf88e9f0-17c6-4cce-ab65-08d81e2c22f6 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 7: created:2020-07-02T02:03:37 id:d7af2290-4b2e-41b5-58be-08d81e2c2246 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 8: created:2020-07-02T02:03:36 id:1bdf4294-4c70-4927-0a41-08d81e2c219d for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 9: created:2020-07-02T02:03:35 id:e25f3e53-5ce2-4930-354e-08d81e2c20f2 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 10: created:2020-07-02T02:03:35 id:8e627447-738b-4872-4bde-08d81e2c20cd for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 11: created:2020-07-02T02:03:33 id:b574e236-922c-40ee-db58-08d81e2c2006 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 12: created:2020-07-02T02:03:26 id:e5a0c641-1662-4d7f-a338-08d81e2c1b91 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 13: created:2020-07-02T02:03:31 id:d0546b33-f3e5-4f23-1a2b-08d81e2c1ef1 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 14: created:2020-07-02T02:03:47 id:943e6ac4-5b3e-4e3d-7336-08d81e2c27ee for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 15: created:2020-07-02T02:03:42 id:67371141-a18e-48ba-0efe-08d81e2c2527 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 16: created:2020-07-02T02:03:39 id:4a29cd6c-e986-49b3-5472-08d81e2c23b5 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 17: created:2020-07-02T02:03:38 id:7d84bda4-0bc2-454e-4b55-08d81e2c2310 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 18: created:2020-07-02T02:03:37 id:6c1a9744-3a70-4e83-310f-08d81e2c2261 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 19: created:2020-07-02T02:03:37 id:dcabea45-3093-486f-7c07-08d81e2c222d for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 20: created:2020-07-02T02:03:36 id:732e1a2b-f48f-4692-7ba5-08d81e2c2184 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 21: created:2020-07-02T02:03:35 id:95cc9352-4096-4399-1bd3-08d81e2c20da for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 22: created:2020-07-02T02:03:34 id:794cbf27-5943-42e9-2432-08d81e2c202d for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 23: created:2020-07-02T02:03:32 id:5a121968-d166-4924-481e-08d81e2c1f3e for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 24: created:2020-07-02T02:03:30 id:8fe46054-5842-4306-8aba-08d81e2c1e41 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 25: created:2020-07-02T02:03:29 id:bccd1032-e6ce-42ec-cba5-08d81e2c1d8c for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 26: created:2020-07-02T02:03:25 id:62d96783-6325-47d7-e20a-08d81e2c1b36 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 27: created:2020-07-02T02:03:26 id:b5b4ab0d-5d06-4eca-d9bd-08d81e2c1be3 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 28: created:2020-07-02T02:03:47 id:4166ec2f-1818-430a-c42d-08d81e2c282b for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 29: created:2020-07-02T02:03:40 id:d0706813-adcb-438a-d74d-08d81e2c244f for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 30: created:2020-07-02T02:03:39 id:32d6f766-8b70-439f-20a9-08d81e2c23a9 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 31: created:2020-07-02T02:03:38 id:8a747328-c91f-45ed-7b5f-08d81e2c2303 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 32: created:2020-07-02T02:03:37 id:67814947-addf-4612-8824-08d81e2c2254 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 33: created:2020-07-02T02:03:36 id:37b345f3-2646-46ad-6517-08d81e2c21a9 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 34: created:2020-07-02T02:03:36 id:4cb7ee62-9db1-4d59-f9c3-08d81e2c2177 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 35: created:2020-07-02T02:03:34 id:4fd7b76a-7b8e-4a80-662a-08d81e2c20c1 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 36: created:2020-07-02T02:03:29 id:fdd45644-b322-4567-f8f1-08d81e2c1d39 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 37: created:2020-07-02T02:03:33 id:ccda7ad3-0f36-45ab-f1af-08d81e2c1fea for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 38: created:2020-07-02T02:03:47 id:3edf499c-38a5-4b1e-7ff3-08d81e2c27fa for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 39: created:2020-07-02T02:03:45 id:83db25b5-2956-4bed-5693-08d81e2c26f0 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 40: created:2020-07-02T02:03:40 id:1f613c10-0645-4b29-e7a8-08d81e2c23c2 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 41: created:2020-07-02T02:03:38 id:9773d3e4-5a12-4962-6964-08d81e2c231d for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 42: created:2020-07-02T02:03:38 id:2a778d87-d37c-4ce3-182f-08d81e2c22e9 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 43: created:2020-07-02T02:03:37 id:66cbd685-ab01-492b-d6de-08d81e2c2239 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 44: created:2020-07-02T02:03:36 id:6c00f791-f60b-4f9f-99bc-08d81e2c2191 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 45: created:2020-07-02T02:03:35 id:72f59c0b-c76b-4d11-8801-08d81e2c20e7 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 46: created:2020-07-02T02:03:33 id:6bf608bb-2005-429c-0eaf-08d81e2c2025 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 47: created:2020-07-02T02:03:29 id:c2a957d2-46b6-4df9-adc3-08d81e2c1d76 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 48: created:2020-07-02T02:03:32 id:5bf79743-531d-4191-2ae7-08d81e2c1f0d for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:0 start:2020-07-01 11:02:55.081667 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:1 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:2 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:3 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.596+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:4 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.597+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:5 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.597+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:6 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.597+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:7 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.597+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:8 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.597+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:9 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.597+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:10 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.597+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:11 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.597+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:12 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.597+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:13 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.597+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:14 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.597+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:15 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.597+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:16 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.597+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:17 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.597+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:18 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.597+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:19 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.597+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:20 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.597+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:21 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.597+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:22 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.597+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:23 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.597+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:24 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.597+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:25 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.597+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:26 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.597+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:27 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.597+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:28 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.597+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:29 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.597+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:30 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.597+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:31 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.597+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:32 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.597+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:33 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.597+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:34 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.597+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:35 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.597+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:36 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.597+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:37 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.597+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:38 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.597+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:39 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.597+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:40 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.597+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:41 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.597+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:42 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.597+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:43 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.597+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:44 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.597+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:45 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.597+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:46 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.597+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:47 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.597+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:02:55.081667 +0000 UTC} for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.597+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=48	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.753+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-02 11:02:55.081667 +0000 UTC to:2020-07-03 11:02:55.081667 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:03:56.753+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=Audit.Exchange&endTime=2020-07-03T11%3A02%3A55&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-02T11%3A02%3A55	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}

Second run, Audit.Exchange resumes at the last saved position. This causes the same blob to be fetched but it skips over the already delivered lines. Resuming at the last reported event is done in case new lines are appended to an existing event (it happens), and also in case a new blob appears at the same point in time.

Also the previous Audit.AzureActiveDirectory blob is processed (1 line).

2020-07-08T13:07:02.052+0200	INFO	[input.o365audit]	compat/compat.go:110	Input o365audit starting
2020-07-08T13:07:02.462+0200	INFO	[input.o365audit]	o365audit/input.go:178	No saved state found. Will fetch events for the last 168h0m0s.	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.AzureActiveDirectory", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.AzureActiveDirectory"}
2020-07-08T13:07:02.462+0200	INFO	[input.o365audit]	o365audit/input.go:158	Start fetching events	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.AzureActiveDirectory", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.AzureActiveDirectory", "cursor": "cursor{timestamp:2020-07-01 11:07:02.462021 +0000 UTC line:0 start:0001-01-01 00:00:00 +0000 UTC}"}
2020-07-08T13:07:02.462+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-01 11:07:02.462081 +0000 UTC to:2020-07-02 11:07:02.462081 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.AzureActiveDirectory", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.AzureActiveDirectory"}
2020-07-08T13:07:02.462+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=Audit.AzureActiveDirectory&endTime=2020-07-02T11%3A07%3A02&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-01T11%3A07%3A02	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.AzureActiveDirectory", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.AzureActiveDirectory"}
2020-07-08T13:07:02.471+0200	INFO	[input.o365audit]	o365audit/input.go:178	No saved state found. Will fetch events for the last 168h0m0s.	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.General", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.General"}
2020-07-08T13:07:02.471+0200	INFO	[input.o365audit]	o365audit/input.go:158	Start fetching events	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.General", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.General", "cursor": "cursor{timestamp:2020-07-01 11:07:02.471475 +0000 UTC line:0 start:0001-01-01 00:00:00 +0000 UTC}"}
2020-07-08T13:07:02.471+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-01 11:07:02.471514 +0000 UTC to:2020-07-02 11:07:02.471514 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.General", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.General"}
2020-07-08T13:07:02.471+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=Audit.General&endTime=2020-07-02T11%3A07%3A02&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-01T11%3A07%3A02	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.General", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.General"}
2020-07-08T13:07:02.472+0200	INFO	[input.o365audit]	o365audit/input.go:158	Start fetching events	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange", "cursor": "cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:02:55.081667 +0000 UTC}"}
2020-07-08T13:07:02.472+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-01 11:07:02.472564 +0000 UTC to:2020-07-02 11:07:02.472564 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:07:02.472+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=Audit.Exchange&endTime=2020-07-02T11%3A07%3A02&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-01T11%3A07%3A02	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:07:02.552+0200	INFO	[input.o365audit]	o365audit/input.go:178	No saved state found. Will fetch events for the last 168h0m0s.	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.SharePoint", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.SharePoint"}
2020-07-08T13:07:02.552+0200	INFO	[input.o365audit]	o365audit/input.go:178	No saved state found. Will fetch events for the last 168h0m0s.	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::DLP.All", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "DLP.All"}
2020-07-08T13:07:02.552+0200	INFO	[input.o365audit]	o365audit/input.go:158	Start fetching events	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.SharePoint", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.SharePoint", "cursor": "cursor{timestamp:2020-07-01 11:07:02.552709 +0000 UTC line:0 start:0001-01-01 00:00:00 +0000 UTC}"}
2020-07-08T13:07:02.552+0200	INFO	[input.o365audit]	o365audit/input.go:158	Start fetching events	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::DLP.All", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "DLP.All", "cursor": "cursor{timestamp:2020-07-01 11:07:02.55271 +0000 UTC line:0 start:0001-01-01 00:00:00 +0000 UTC}"}
2020-07-08T13:07:02.552+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-01 11:07:02.552753 +0000 UTC to:2020-07-02 11:07:02.552753 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.SharePoint", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.SharePoint"}
2020-07-08T13:07:02.552+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-01 11:07:02.55276 +0000 UTC to:2020-07-02 11:07:02.55276 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::DLP.All", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "DLP.All"}
2020-07-08T13:07:02.552+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=DLP.All&endTime=2020-07-02T11%3A07%3A02&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-01T11%3A07%3A02	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::DLP.All", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "DLP.All"}
2020-07-08T13:07:02.552+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=Audit.SharePoint&endTime=2020-07-02T11%3A07%3A02&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-01T11%3A07%3A02	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.SharePoint", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.SharePoint"}
2020-07-08T13:07:33.028+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=1	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::DLP.All", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "DLP.All"}
2020-07-08T13:07:33.028+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-02 11:07:02.55276 +0000 UTC to:2020-07-03 11:07:02.55276 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::DLP.All", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "DLP.All"}
2020-07-08T13:07:33.028+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=DLP.All&endTime=2020-07-03T11%3A07%3A02&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-02T11%3A07%3A02	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::DLP.All", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "DLP.All"}
2020-07-08T13:07:33.058+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=1	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.AzureActiveDirectory", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.AzureActiveDirectory"}
2020-07-08T13:07:33.058+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-02 11:07:02.462081 +0000 UTC to:2020-07-03 11:07:02.462081 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.AzureActiveDirectory", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.AzureActiveDirectory"}
2020-07-08T13:07:33.059+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=Audit.AzureActiveDirectory&endTime=2020-07-03T11%3A07%3A02&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-02T11%3A07%3A02	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.AzureActiveDirectory", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.AzureActiveDirectory"}
2020-07-08T13:07:33.066+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=1	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.General", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.General"}
2020-07-08T13:07:33.066+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-02 11:07:02.471514 +0000 UTC to:2020-07-03 11:07:02.471514 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.General", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.General"}
2020-07-08T13:07:33.066+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=Audit.General&endTime=2020-07-03T11%3A07%3A02&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-02T11%3A07%3A02	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.General", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.General"}
2020-07-08T13:07:33.159+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=1	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.SharePoint", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.SharePoint"}
2020-07-08T13:07:33.159+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-02 11:07:02.552753 +0000 UTC to:2020-07-03 11:07:02.552753 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.SharePoint", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.SharePoint"}
2020-07-08T13:07:33.160+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=Audit.SharePoint&endTime=2020-07-03T11%3A07%3A02&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-02T11%3A07%3A02	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.SharePoint", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.SharePoint"}
2020-07-08T13:07:33.479+0200	DEBUG	[input.o365audit]	o365audit/listblobs.go:129	+ fetch blob date:2020-07-02 02:06:21.634 +0000 UTC id:20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:07:33.479+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=2	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:07:33.479+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch content blob url:https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/audit/20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036 id:20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:07:33.479+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/audit/20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036?publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.392+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=1	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.General", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.General"}
2020-07-08T13:08:03.392+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-03 11:07:02.471514 +0000 UTC to:2020-07-04 11:07:02.471514 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.General", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.General"}
2020-07-08T13:08:03.392+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=Audit.General&endTime=2020-07-04T11%3A07%3A02&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-03T11%3A07%3A02	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.General", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.General"}
2020-07-08T13:08:03.539+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=1	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.SharePoint", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.SharePoint"}
2020-07-08T13:08:03.539+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-03 11:07:02.552753 +0000 UTC to:2020-07-04 11:07:02.552753 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.SharePoint", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.SharePoint"}
2020-07-08T13:08:03.539+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=Audit.SharePoint&endTime=2020-07-04T11%3A07%3A02&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-03T11%3A07%3A02	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.SharePoint", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.SharePoint"}
2020-07-08T13:08:03.568+0200	DEBUG	[input.o365audit]	o365audit/listblobs.go:129	+ fetch blob date:2020-07-03 10:10:41.242 +0000 UTC id:20200703101041242050872$20200703101041242050872$audit_azureactivedirectory$Audit_AzureActiveDirectory$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.AzureActiveDirectory", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.AzureActiveDirectory"}
2020-07-08T13:08:03.568+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=2	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.AzureActiveDirectory", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.AzureActiveDirectory"}
2020-07-08T13:08:03.568+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch content blob url:https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/audit/20200703101041242050872$20200703101041242050872$audit_azureactivedirectory$Audit_AzureActiveDirectory$emea0036 id:20200703101041242050872$20200703101041242050872$audit_azureactivedirectory$Audit_AzureActiveDirectory$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.AzureActiveDirectory", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.AzureActiveDirectory"}
2020-07-08T13:08:03.568+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/audit/20200703101041242050872$20200703101041242050872$audit_azureactivedirectory$Audit_AzureActiveDirectory$emea0036?publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.AzureActiveDirectory", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.AzureActiveDirectory"}
2020-07-08T13:08:03.828+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 1: created:2020-07-02T02:03:47 id:4653810f-581b-4a6c-93b8-08d81e2c284a for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.828+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 2: created:2020-07-02T02:03:46 id:04f4d7f1-a4bf-4834-91e9-08d81e2c27e0 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.828+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 3: created:2020-07-02T02:03:45 id:84f2d41d-ff80-49a5-4936-08d81e2c26ff for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.828+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 4: created:2020-07-02T02:03:40 id:e50c8504-66ca-4e7d-05b6-08d81e2c23d0 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.828+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 5: created:2020-07-02T02:03:39 id:da4900d4-ecff-41d4-fe37-08d81e2c239d for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.828+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 6: created:2020-07-02T02:03:38 id:cf88e9f0-17c6-4cce-ab65-08d81e2c22f6 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.828+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 7: created:2020-07-02T02:03:37 id:d7af2290-4b2e-41b5-58be-08d81e2c2246 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.828+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 8: created:2020-07-02T02:03:36 id:1bdf4294-4c70-4927-0a41-08d81e2c219d for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.828+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 9: created:2020-07-02T02:03:35 id:e25f3e53-5ce2-4930-354e-08d81e2c20f2 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.828+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 10: created:2020-07-02T02:03:35 id:8e627447-738b-4872-4bde-08d81e2c20cd for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.828+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 11: created:2020-07-02T02:03:33 id:b574e236-922c-40ee-db58-08d81e2c2006 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.828+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 12: created:2020-07-02T02:03:26 id:e5a0c641-1662-4d7f-a338-08d81e2c1b91 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.828+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 13: created:2020-07-02T02:03:31 id:d0546b33-f3e5-4f23-1a2b-08d81e2c1ef1 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.828+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 14: created:2020-07-02T02:03:47 id:943e6ac4-5b3e-4e3d-7336-08d81e2c27ee for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.828+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 15: created:2020-07-02T02:03:42 id:67371141-a18e-48ba-0efe-08d81e2c2527 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.828+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 16: created:2020-07-02T02:03:39 id:4a29cd6c-e986-49b3-5472-08d81e2c23b5 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.828+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 17: created:2020-07-02T02:03:38 id:7d84bda4-0bc2-454e-4b55-08d81e2c2310 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.828+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 18: created:2020-07-02T02:03:37 id:6c1a9744-3a70-4e83-310f-08d81e2c2261 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.828+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 19: created:2020-07-02T02:03:37 id:dcabea45-3093-486f-7c07-08d81e2c222d for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.828+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 20: created:2020-07-02T02:03:36 id:732e1a2b-f48f-4692-7ba5-08d81e2c2184 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.828+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 21: created:2020-07-02T02:03:35 id:95cc9352-4096-4399-1bd3-08d81e2c20da for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.828+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 22: created:2020-07-02T02:03:34 id:794cbf27-5943-42e9-2432-08d81e2c202d for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.828+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 23: created:2020-07-02T02:03:32 id:5a121968-d166-4924-481e-08d81e2c1f3e for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.828+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 24: created:2020-07-02T02:03:30 id:8fe46054-5842-4306-8aba-08d81e2c1e41 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.828+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 25: created:2020-07-02T02:03:29 id:bccd1032-e6ce-42ec-cba5-08d81e2c1d8c for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.828+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 26: created:2020-07-02T02:03:25 id:62d96783-6325-47d7-e20a-08d81e2c1b36 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.828+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 27: created:2020-07-02T02:03:26 id:b5b4ab0d-5d06-4eca-d9bd-08d81e2c1be3 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.828+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 28: created:2020-07-02T02:03:47 id:4166ec2f-1818-430a-c42d-08d81e2c282b for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.828+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 29: created:2020-07-02T02:03:40 id:d0706813-adcb-438a-d74d-08d81e2c244f for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.828+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 30: created:2020-07-02T02:03:39 id:32d6f766-8b70-439f-20a9-08d81e2c23a9 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.828+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 31: created:2020-07-02T02:03:38 id:8a747328-c91f-45ed-7b5f-08d81e2c2303 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.828+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 32: created:2020-07-02T02:03:37 id:67814947-addf-4612-8824-08d81e2c2254 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.828+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 33: created:2020-07-02T02:03:36 id:37b345f3-2646-46ad-6517-08d81e2c21a9 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.828+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 34: created:2020-07-02T02:03:36 id:4cb7ee62-9db1-4d59-f9c3-08d81e2c2177 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.828+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 35: created:2020-07-02T02:03:34 id:4fd7b76a-7b8e-4a80-662a-08d81e2c20c1 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.828+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 36: created:2020-07-02T02:03:29 id:fdd45644-b322-4567-f8f1-08d81e2c1d39 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.828+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 37: created:2020-07-02T02:03:33 id:ccda7ad3-0f36-45ab-f1af-08d81e2c1fea for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.828+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 38: created:2020-07-02T02:03:47 id:3edf499c-38a5-4b1e-7ff3-08d81e2c27fa for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.828+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 39: created:2020-07-02T02:03:45 id:83db25b5-2956-4bed-5693-08d81e2c26f0 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.828+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 40: created:2020-07-02T02:03:40 id:1f613c10-0645-4b29-e7a8-08d81e2c23c2 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.828+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 41: created:2020-07-02T02:03:38 id:9773d3e4-5a12-4962-6964-08d81e2c231d for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.828+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 42: created:2020-07-02T02:03:38 id:2a778d87-d37c-4ce3-182f-08d81e2c22e9 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.828+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 43: created:2020-07-02T02:03:37 id:66cbd685-ab01-492b-d6de-08d81e2c2239 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.828+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 44: created:2020-07-02T02:03:36 id:6c00f791-f60b-4f9f-99bc-08d81e2c2191 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.828+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 45: created:2020-07-02T02:03:35 id:72f59c0b-c76b-4d11-8801-08d81e2c20e7 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.828+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 46: created:2020-07-02T02:03:33 id:6bf608bb-2005-429c-0eaf-08d81e2c2025 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 47: created:2020-07-02T02:03:29 id:c2a957d2-46b6-4df9-adc3-08d81e2c1d76 for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 48: created:2020-07-02T02:03:32 id:5bf79743-531d-4191-2ae7-08d81e2c1f0d for cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [4653810f-581b-4a6c-93b8-08d81e2c284a] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [04f4d7f1-a4bf-4834-91e9-08d81e2c27e0] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [84f2d41d-ff80-49a5-4936-08d81e2c26ff] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [e50c8504-66ca-4e7d-05b6-08d81e2c23d0] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [da4900d4-ecff-41d4-fe37-08d81e2c239d] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [cf88e9f0-17c6-4cce-ab65-08d81e2c22f6] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [d7af2290-4b2e-41b5-58be-08d81e2c2246] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [1bdf4294-4c70-4927-0a41-08d81e2c219d] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [e25f3e53-5ce2-4930-354e-08d81e2c20f2] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [8e627447-738b-4872-4bde-08d81e2c20cd] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [b574e236-922c-40ee-db58-08d81e2c2006] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [e5a0c641-1662-4d7f-a338-08d81e2c1b91] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [d0546b33-f3e5-4f23-1a2b-08d81e2c1ef1] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [943e6ac4-5b3e-4e3d-7336-08d81e2c27ee] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [67371141-a18e-48ba-0efe-08d81e2c2527] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [4a29cd6c-e986-49b3-5472-08d81e2c23b5] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [7d84bda4-0bc2-454e-4b55-08d81e2c2310] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [6c1a9744-3a70-4e83-310f-08d81e2c2261] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [dcabea45-3093-486f-7c07-08d81e2c222d] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [732e1a2b-f48f-4692-7ba5-08d81e2c2184] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [95cc9352-4096-4399-1bd3-08d81e2c20da] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [794cbf27-5943-42e9-2432-08d81e2c202d] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [5a121968-d166-4924-481e-08d81e2c1f3e] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [8fe46054-5842-4306-8aba-08d81e2c1e41] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [bccd1032-e6ce-42ec-cba5-08d81e2c1d8c] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [62d96783-6325-47d7-e20a-08d81e2c1b36] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [b5b4ab0d-5d06-4eca-d9bd-08d81e2c1be3] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [4166ec2f-1818-430a-c42d-08d81e2c282b] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [d0706813-adcb-438a-d74d-08d81e2c244f] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [32d6f766-8b70-439f-20a9-08d81e2c23a9] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [8a747328-c91f-45ed-7b5f-08d81e2c2303] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [67814947-addf-4612-8824-08d81e2c2254] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [37b345f3-2646-46ad-6517-08d81e2c21a9] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [4cb7ee62-9db1-4d59-f9c3-08d81e2c2177] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [4fd7b76a-7b8e-4a80-662a-08d81e2c20c1] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [fdd45644-b322-4567-f8f1-08d81e2c1d39] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [ccda7ad3-0f36-45ab-f1af-08d81e2c1fea] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [3edf499c-38a5-4b1e-7ff3-08d81e2c27fa] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [83db25b5-2956-4bed-5693-08d81e2c26f0] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [1f613c10-0645-4b29-e7a8-08d81e2c23c2] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [9773d3e4-5a12-4962-6964-08d81e2c231d] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [2a778d87-d37c-4ce3-182f-08d81e2c22e9] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [66cbd685-ab01-492b-d6de-08d81e2c2239] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [6c00f791-f60b-4f9f-99bc-08d81e2c2191] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [72f59c0b-c76b-4d11-8801-08d81e2c20e7] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [6bf608bb-2005-429c-0eaf-08d81e2c2025] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [c2a957d2-46b6-4df9-adc3-08d81e2c1d76] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:76	Skipping event all cursor{timestamp:2020-07-02 02:06:21.634 +0000 UTC line:48 start:2020-07-01 11:07:02.472564 +0000 UTC} [5bf79743-531d-4191-2ae7-08d81e2c1f0d] for 20200702020621634014687$20200702020621634014687$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=0	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-02 11:07:02.472564 +0000 UTC to:2020-07-03 11:07:02.472564 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:03.829+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=Audit.Exchange&endTime=2020-07-03T11%3A07%3A02&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-02T11%3A07%3A02	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:04.482+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=1	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::DLP.All", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "DLP.All"}
2020-07-08T13:08:04.482+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-03 11:07:02.55276 +0000 UTC to:2020-07-04 11:07:02.55276 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::DLP.All", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "DLP.All"}
2020-07-08T13:08:04.483+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=DLP.All&endTime=2020-07-04T11%3A07%3A02&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-03T11%3A07%3A02	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::DLP.All", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "DLP.All"}
2020-07-08T13:08:33.978+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=1	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.General", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.General"}
2020-07-08T13:08:33.978+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-04 11:07:02.471514 +0000 UTC to:2020-07-05 11:07:02.471514 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.General", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.General"}
2020-07-08T13:08:33.978+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=Audit.General&endTime=2020-07-05T11%3A07%3A02&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-04T11%3A07%3A02	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.General", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.General"}
2020-07-08T13:08:33.982+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=1	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.SharePoint", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.SharePoint"}
2020-07-08T13:08:33.982+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-04 11:07:02.552753 +0000 UTC to:2020-07-05 11:07:02.552753 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.SharePoint", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.SharePoint"}
2020-07-08T13:08:33.983+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=Audit.SharePoint&endTime=2020-07-05T11%3A07%3A02&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-04T11%3A07%3A02	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.SharePoint", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.SharePoint"}
2020-07-08T13:08:34.091+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 1: created:2020-07-03T09:54:23 id:703f9b3d-1dbe-4da0-b8ae-202122f0e9f2 for cursor{timestamp:2020-07-03 10:10:41.242 +0000 UTC line:0 start:2020-07-02 11:07:02.462081 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.AzureActiveDirectory", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.AzureActiveDirectory"}
2020-07-08T13:08:34.091+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-03 10:10:41.242 +0000 UTC line:1 start:2020-07-02 11:07:02.462081 +0000 UTC} for 20200703101041242050872$20200703101041242050872$audit_azureactivedirectory$Audit_AzureActiveDirectory$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.AzureActiveDirectory", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.AzureActiveDirectory"}
2020-07-08T13:08:34.091+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=1	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.AzureActiveDirectory", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.AzureActiveDirectory"}
2020-07-08T13:08:34.093+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-03 11:07:02.462081 +0000 UTC to:2020-07-04 11:07:02.462081 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.AzureActiveDirectory", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.AzureActiveDirectory"}
2020-07-08T13:08:34.093+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=Audit.AzureActiveDirectory&endTime=2020-07-04T11%3A07%3A02&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-03T11%3A07%3A02	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.AzureActiveDirectory", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.AzureActiveDirectory"}
2020-07-08T13:08:34.150+0200	DEBUG	[input.o365audit]	o365audit/listblobs.go:129	+ fetch blob date:2020-07-03 09:12:46.475 +0000 UTC id:20200703091246475115498$20200703091246475115498$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:34.150+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=2	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:34.151+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch content blob url:https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/audit/20200703091246475115498$20200703091246475115498$audit_exchange$Audit_Exchange$emea0036 id:20200703091246475115498$20200703091246475115498$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:34.151+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/audit/20200703091246475115498$20200703091246475115498$audit_exchange$Audit_Exchange$emea0036?publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:08:34.931+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=1	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::DLP.All", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "DLP.All"}
2020-07-08T13:08:34.931+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-04 11:07:02.55276 +0000 UTC to:2020-07-05 11:07:02.55276 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::DLP.All", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "DLP.All"}
2020-07-08T13:08:34.931+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=DLP.All&endTime=2020-07-05T11%3A07%3A02&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-04T11%3A07%3A02	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::DLP.All", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "DLP.All"}
2020-07-08T13:09:04.429+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=1	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.AzureActiveDirectory", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.AzureActiveDirectory"}
2020-07-08T13:09:04.429+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-04 11:07:02.462081 +0000 UTC to:2020-07-05 11:07:02.462081 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.AzureActiveDirectory", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.AzureActiveDirectory"}
2020-07-08T13:09:04.429+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=Audit.AzureActiveDirectory&endTime=2020-07-05T11%3A07%3A02&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-04T11%3A07%3A02	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.AzureActiveDirectory", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.AzureActiveDirectory"}
2020-07-08T13:09:04.594+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 1: created:2020-07-03T08:48:38 id:99232065-b599-494c-1dea-08d81f2de118 for cursor{timestamp:2020-07-03 09:12:46.475 +0000 UTC line:0 start:2020-07-02 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:09:04.594+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-03 09:12:46.475 +0000 UTC line:1 start:2020-07-02 11:07:02.472564 +0000 UTC} for 20200703091246475115498$20200703091246475115498$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:09:04.594+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=1	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:09:04.595+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-03 11:07:02.472564 +0000 UTC to:2020-07-04 11:07:02.472564 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:09:04.595+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=Audit.Exchange&endTime=2020-07-04T11%3A07%3A02&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-03T11%3A07%3A02	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:09:04.826+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=1	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.SharePoint", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.SharePoint"}
2020-07-08T13:09:04.827+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-05 11:07:02.552753 +0000 UTC to:2020-07-06 11:07:02.552753 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.SharePoint", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.SharePoint"}
2020-07-08T13:09:04.827+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=Audit.SharePoint&endTime=2020-07-06T11%3A07%3A02&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-05T11%3A07%3A02	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.SharePoint", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.SharePoint"}
2020-07-08T13:09:04.902+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=1	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.General", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.General"}
2020-07-08T13:09:04.902+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-05 11:07:02.471514 +0000 UTC to:2020-07-06 11:07:02.471514 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.General", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.General"}
2020-07-08T13:09:04.903+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=Audit.General&endTime=2020-07-06T11%3A07%3A02&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-05T11%3A07%3A02	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.General", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.General"}
2020-07-08T13:09:05.656+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=1	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::DLP.All", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "DLP.All"}
2020-07-08T13:09:05.656+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-05 11:07:02.55276 +0000 UTC to:2020-07-06 11:07:02.55276 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::DLP.All", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "DLP.All"}
2020-07-08T13:09:05.656+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=DLP.All&endTime=2020-07-06T11%3A07%3A02&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-05T11%3A07%3A02	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::DLP.All", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "DLP.All"}
2020-07-08T13:09:34.802+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=1	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.AzureActiveDirectory", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.AzureActiveDirectory"}
2020-07-08T13:09:34.802+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-05 11:07:02.462081 +0000 UTC to:2020-07-06 11:07:02.462081 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.AzureActiveDirectory", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.AzureActiveDirectory"}
2020-07-08T13:09:34.802+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=Audit.AzureActiveDirectory&endTime=2020-07-06T11%3A07%3A02&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-05T11%3A07%3A02	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.AzureActiveDirectory", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.AzureActiveDirectory"}
2020-07-08T13:09:35.005+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=1	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:09:35.005+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-04 11:07:02.472564 +0000 UTC to:2020-07-05 11:07:02.472564 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:09:35.005+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=Audit.Exchange&endTime=2020-07-05T11%3A07%3A02&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-04T11%3A07%3A02	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:09:35.052+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=1	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.SharePoint", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.SharePoint"}
2020-07-08T13:09:35.052+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-06 11:07:02.552753 +0000 UTC to:2020-07-07 11:07:02.552753 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.SharePoint", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.SharePoint"}
2020-07-08T13:09:35.052+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=Audit.SharePoint&endTime=2020-07-07T11%3A07%3A02&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-06T11%3A07%3A02	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.SharePoint", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.SharePoint"}
2020-07-08T13:09:35.314+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=1	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.General", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.General"}
2020-07-08T13:09:35.314+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-06 11:07:02.471514 +0000 UTC to:2020-07-07 11:07:02.471514 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.General", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.General"}
2020-07-08T13:09:35.314+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=Audit.General&endTime=2020-07-07T11%3A07%3A02&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-06T11%3A07%3A02	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.General", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.General"}
2020-07-08T13:09:38.123+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=1	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::DLP.All", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "DLP.All"}
2020-07-08T13:09:38.123+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-06 11:07:02.55276 +0000 UTC to:2020-07-07 11:07:02.55276 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::DLP.All", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "DLP.All"}
2020-07-08T13:09:38.123+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=DLP.All&endTime=2020-07-07T11%3A07%3A02&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-06T11%3A07%3A02	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::DLP.All", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "DLP.All"}
2020-07-08T13:10:05.239+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=1	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:10:05.239+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-05 11:07:02.472564 +0000 UTC to:2020-07-06 11:07:02.472564 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:10:05.239+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=Audit.Exchange&endTime=2020-07-06T11%3A07%3A02&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-05T11%3A07%3A02	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:10:05.263+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=1	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.AzureActiveDirectory", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.AzureActiveDirectory"}
2020-07-08T13:10:05.263+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-06 11:07:02.462081 +0000 UTC to:2020-07-07 11:07:02.462081 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.AzureActiveDirectory", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.AzureActiveDirectory"}
2020-07-08T13:10:05.263+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=Audit.AzureActiveDirectory&endTime=2020-07-07T11%3A07%3A02&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-06T11%3A07%3A02	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.AzureActiveDirectory", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.AzureActiveDirectory"}
2020-07-08T13:10:05.307+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=1	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.SharePoint", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.SharePoint"}
2020-07-08T13:10:05.307+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-07 11:07:02.552753 +0000 UTC to:2020-07-08 11:07:02.552753 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.SharePoint", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.SharePoint"}
2020-07-08T13:10:05.307+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=Audit.SharePoint&endTime=2020-07-08T11%3A07%3A02&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-07T11%3A07%3A02	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.SharePoint", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.SharePoint"}
2020-07-08T13:10:05.814+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=1	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.General", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.General"}
2020-07-08T13:10:05.814+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-07 11:07:02.471514 +0000 UTC to:2020-07-08 11:07:02.471514 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.General", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.General"}
2020-07-08T13:10:05.814+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=Audit.General&endTime=2020-07-08T11%3A07%3A02&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-07T11%3A07%3A02	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.General", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.General"}
2020-07-08T13:10:08.346+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=1	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::DLP.All", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "DLP.All"}
2020-07-08T13:10:08.347+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-07 11:07:02.55276 +0000 UTC to:2020-07-08 11:07:02.55276 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::DLP.All", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "DLP.All"}
2020-07-08T13:10:08.347+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=DLP.All&endTime=2020-07-08T11%3A07%3A02&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-07T11%3A07%3A02	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::DLP.All", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "DLP.All"}
2020-07-08T13:10:35.608+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=1	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.SharePoint", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.SharePoint"}
2020-07-08T13:10:35.608+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-07 11:10:35.608657 +0000 UTC to:2020-07-08 11:10:35.608657 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.SharePoint", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.SharePoint"}
2020-07-08T13:10:35.608+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 3m0s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=Audit.SharePoint&endTime=2020-07-08T11%3A10%3A35&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-07T11%3A10%3A35	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.SharePoint", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.SharePoint"}
2020-07-08T13:10:35.618+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=1	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.AzureActiveDirectory", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.AzureActiveDirectory"}
2020-07-08T13:10:35.618+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-07 11:07:02.462081 +0000 UTC to:2020-07-08 11:07:02.462081 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.AzureActiveDirectory", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.AzureActiveDirectory"}
2020-07-08T13:10:35.618+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=Audit.AzureActiveDirectory&endTime=2020-07-08T11%3A07%3A02&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-07T11%3A07%3A02	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.AzureActiveDirectory", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.AzureActiveDirectory"}
2020-07-08T13:10:35.679+0200	DEBUG	[input.o365audit]	o365audit/listblobs.go:129	+ fetch blob date:2020-07-05 15:24:11.486 +0000 UTC id:20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:10:35.679+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=2	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:10:35.679+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch content blob url:https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/audit/20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036 id:20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:10:35.679+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/audit/20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036?publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:10:37.006+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=1	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.General", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.General"}
2020-07-08T13:10:37.006+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-07 11:10:37.006278 +0000 UTC to:2020-07-08 11:10:37.006278 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.General", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.General"}
2020-07-08T13:10:37.006+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 3m0s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=Audit.General&endTime=2020-07-08T11%3A10%3A37&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-07T11%3A10%3A37	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.General", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.General"}
2020-07-08T13:10:38.575+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=1	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::DLP.All", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "DLP.All"}
2020-07-08T13:10:38.575+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-07 11:10:38.574992 +0000 UTC to:2020-07-08 11:10:38.574992 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::DLP.All", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "DLP.All"}
2020-07-08T13:10:38.575+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 3m0s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=DLP.All&endTime=2020-07-08T11%3A10%3A38&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-07T11%3A10%3A38	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::DLP.All", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "DLP.All"}
2020-07-08T13:11:06.099+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=1	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.AzureActiveDirectory", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.AzureActiveDirectory"}
2020-07-08T13:11:06.099+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-07 11:11:06.099073 +0000 UTC to:2020-07-08 11:11:06.099073 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.AzureActiveDirectory", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.AzureActiveDirectory"}
2020-07-08T13:11:06.099+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 3m0s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=Audit.AzureActiveDirectory&endTime=2020-07-08T11%3A11%3A06&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-07T11%3A11%3A06	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.AzureActiveDirectory", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.AzureActiveDirectory"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 1: created:2020-07-05T15:20:50 id:5f5e5de0-ba2e-4e13-a4cc-08d820f7004a for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 2: created:2020-07-05T15:20:45 id:9fc07a29-495b-4fa1-0886-08d820f6fd6b for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 3: created:2020-07-05T15:20:43 id:e22056fd-14e6-41e2-c30a-08d820f6fbfb for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 4: created:2020-07-05T15:20:42 id:4d467666-3f84-488b-6547-08d820f6fb51 for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 5: created:2020-07-05T15:20:41 id:a7bfd86e-d424-47c1-b456-08d820f6faba for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 6: created:2020-07-05T15:20:41 id:07118a1c-c004-4366-6c44-08d820f6fa8b for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 7: created:2020-07-05T15:20:40 id:1adac684-3ee2-414f-b2d2-08d820f6f9ef for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 8: created:2020-07-05T15:20:38 id:6c27e7cb-a737-418f-4c90-08d820f6f940 for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 9: created:2020-07-05T15:20:37 id:b560f16d-63e9-4f34-ff26-08d820f6f898 for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 10: created:2020-07-05T15:20:31 id:7bd5711e-7ca7-4524-8aa5-08d820f6f4c8 for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 11: created:2020-07-05T15:20:36 id:0ad6a785-0ff0-4658-3cf1-08d820f6f79e for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 12: created:2020-07-05T15:20:50 id:17a3513b-a178-426d-8d7b-08d820f70078 for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 13: created:2020-07-05T15:20:43 id:7d142306-1f0b-4a8b-be00-08d820f6fc0f for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 14: created:2020-07-05T15:20:44 id:33a8c75a-9662-49ec-ed8a-08d820f6fc90 for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 15: created:2020-07-05T15:20:51 id:be25cb11-82e1-437f-cdb4-08d820f70090 for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 16: created:2020-07-05T15:20:48 id:443475a5-cd3b-41dd-58af-08d820f6ff1c for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 17: created:2020-07-05T15:20:50 id:a0a41e7a-caba-491d-7128-08d820f7003e for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 18: created:2020-07-05T15:20:50 id:62ae5b61-fd75-43d8-de23-08d820f70030 for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 19: created:2020-07-05T15:20:48 id:ea9c59bf-eeca-49c4-13bb-08d820f6ff0f for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 20: created:2020-07-05T15:20:43 id:ce62d052-0a87-4923-a0bc-08d820f6fbf0 for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 21: created:2020-07-05T15:20:42 id:f2ad4e4a-f2c5-4e00-aea0-08d820f6fb5c for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 22: created:2020-07-05T15:20:41 id:b6a245a7-dd5e-4e4a-6afb-08d820f6faaf for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 23: created:2020-07-05T15:20:40 id:ee0f32c5-6e84-4e06-a4fc-08d820f6fa07 for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 24: created:2020-07-05T15:20:39 id:35e3d9b1-f346-43e2-1b5d-08d820f6f9e4 for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 25: created:2020-07-05T15:20:38 id:4ba4889f-fd1f-4c04-f550-08d820f6f94c for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 26: created:2020-07-05T15:20:37 id:1311719c-8569-45b2-3820-08d820f6f8a1 for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 27: created:2020-07-05T15:20:33 id:a7647faa-f5b4-4166-b87e-08d820f6f5f2 for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 28: created:2020-07-05T15:20:37 id:ae43ce3f-aff6-448a-7f9e-08d820f6f866 for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 29: created:2020-07-05T15:20:43 id:34899ed4-7764-4a1d-a575-08d820f6fbe5 for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 30: created:2020-07-05T15:20:42 id:98436aa2-0601-46c5-58b7-08d820f6fb45 for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 31: created:2020-07-05T15:20:41 id:58dfdc27-46d5-42d9-6fb3-08d820f6faa4 for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 32: created:2020-07-05T15:20:40 id:5cda17e4-860f-44ce-4a4c-08d820f6f9fb for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 33: created:2020-07-05T15:20:39 id:da51dbbd-d83e-4743-8ccb-08d820f6f958 for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 34: created:2020-07-05T15:20:38 id:85a91d43-672b-48dc-7cbb-08d820f6f933 for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 35: created:2020-07-05T15:20:37 id:58f646df-d476-4bf2-bfd9-08d820f6f87e for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 36: created:2020-07-05T15:20:31 id:69e18aeb-afec-4307-3634-08d820f6f500 for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 37: created:2020-07-05T15:20:35 id:ff36a8f6-ade2-4e40-5809-08d820f6f780 for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 38: created:2020-07-05T15:20:43 id:6a698f61-81c0-4637-2223-08d820f6fc06 for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 39: created:2020-07-05T15:20:42 id:2a00fcdc-b2f6-46f5-f802-08d820f6fb67 for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 40: created:2020-07-05T15:20:42 id:30ff5d21-0e43-494b-9a2b-08d820f6fb39 for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 41: created:2020-07-05T15:20:41 id:0b42931c-6fb9-45b0-4d63-08d820f6fa99 for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 42: created:2020-07-05T15:20:39 id:52659040-4ce8-45e6-5ce0-08d820f6f9d8 for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 43: created:2020-07-05T15:20:38 id:ed8d371c-3009-461e-8176-08d820f6f928 for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 44: created:2020-07-05T15:20:36 id:a3b0b4ac-edb3-48f1-0bd4-08d820f6f7c6 for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 45: created:2020-07-05T15:20:34 id:7117bf9d-0d75-4c7a-fa3d-08d820f6f6d5 for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 46: created:2020-07-05T15:20:33 id:36e1386d-1397-434c-ad72-08d820f6f635 for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 47: created:2020-07-05T15:20:30 id:f7d8b87d-bac9-40bc-2957-08d820f6f481 for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.344+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:60	 > event 48: created:2020-07-05T15:20:33 id:8d202256-12e6-47a2-aa01-08d820f6f61c for cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:0 start:2020-07-05 11:07:02.472564 +0000 UTC}	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:1 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:2 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:3 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:4 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:5 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:6 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:7 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:8 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:9 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:10 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:11 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:12 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:13 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:14 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:15 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:16 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:17 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:18 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:19 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:20 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:21 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:22 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:23 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:24 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:25 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:26 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:27 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:28 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:29 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:30 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:31 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:32 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:33 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:34 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:35 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:36 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:37 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:38 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:39 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:40 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:41 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:42 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:43 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:44 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:45 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:46 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:47 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	o365audit/contentblob.go:69	Reporting event cursor{timestamp:2020-07-05 15:24:11.486 +0000 UTC line:48 start:2020-07-05 11:07:02.472564 +0000 UTC} for 20200705152230936019353$20200705152411486034089$audit_exchange$Audit_Exchange$emea0036	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.345+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=48	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.490+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-06 11:07:02.472564 +0000 UTC to:2020-07-07 11:07:02.472564 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:06.491+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=Audit.Exchange&endTime=2020-07-07T11%3A07%3A02&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-06T11%3A07%3A02	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:37.110+0200	DEBUG	[input.o365audit]	poll/poll.go:113	 <- Result (200 OK) #acts=1	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:37.110+0200	DEBUG	[input.o365audit]	poll/poll.go:83	* Fetch list blobs from:2020-07-07 11:07:02.472564 +0000 UTC to:2020-07-08 11:07:02.472564 +0000 UTC	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}
2020-07-08T13:11:37.110+0200	DEBUG	[input.o365audit]	poll/poll.go:102	 -- wait 30s for https://manage.office.com/api/v1.0/0762332b-73b1-46e5-983d-8bc77d975e98/activity/feed/subscriptions/content?contentType=Audit.Exchange&endTime=2020-07-08T11%3A07%3A02&publisherIdentifier=0762332b-73b1-46e5-983d-8bc77d975e98&startTime=2020-07-07T11%3A07%3A02	{"source": "0762332b-73b1-46e5-983d-8bc77d975e98::Audit.Exchange", "tenantID": "0762332b-73b1-46e5-983d-8bc77d975e98", "contentType": "Audit.Exchange"}

@urso urso mentioned this pull request Jul 9, 2020
Merged
4 tasks
@urso urso added v7.9.0 and removed needs_backport PR is waiting to be backported to other branches. labels Jul 9, 2020
urso pushed a commit to urso/beats that referenced this pull request Jul 9, 2020
Move O365audit input to v2 input API (elastic#19719)
334ebcf 
(cherry picked from commit 03bedd7)
urso pushed a commit that referenced this pull request Jul 13, 2020
Cherry-pick #19719 to 7.x: Move O365audit input to v2 input API (#19775)
9485121
@andresrc andresrc added test-plan-added This PR has been added to the test plan and removed [zube]: Done labels Jul 14, 2020
melchiormoulin pushed a commit to melchiormoulin/beats that referenced this pull request Oct 14, 2020
@melchiormoulin
Move O365audit input to v2 input API (elastic#19719)
4a00034
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adriansr adriansr adriansr approved these changes

Assignees
No one assigned
Labels
needs_docs review Team:Integrations Label for the Integrations team test-plan Add this PR to be manual test plan test-plan-added This PR has been added to the test plan v7.9.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@urso @elasticmachine @adriansr @andresrc