Hi everyone, new Graylog user here, enjoying it very much.
Initially we’ve tried Graylog to monitor Office365 environments, which has been working very well. We’ve now seen instances where Office365 inputs will not start, and are hoping to get some help from the community. There are no resource constraints that look to be causing any issues, no license issues, and all green lights in ‘overview’. We’ve restarted the Graylog and Elastic services with no benefit.
Looking at the graylog-server/server.log file, every time we try to start one of the problem inputs, we get:
[InputStateListener] Input [Office 365 Log Events/5f8f8d68170334693030efbf] is now RUNNING
[O365Client] Client Error: [{"error":{"code":"AF20055","message":"Start time and end time must both be specified (or both omitted) and must be less than or equal to 24 hours apart, with the start time prior to end time and start time no more than 7 days in the past. StartTime:2020-10-28T21:44:34, EndTime:2020-10-28T21:40:09"}}]
[O365Client] Waiting 1 seconds until next retry.
[O365PollerTask] Error fetching manifest for Content Type [AZURE_ACTIVE_DIRECTORY]: [java.lang.RuntimeException: Unable to communicate with O365 servers after 5 attempts]
Now we have others that work fine, and my understanding is that the input is pre-programmed to only collect <=24 hours anyway.
Any assistance would be greatly appreciated. About to restart the entire machine to see if it helps in any way.
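Added example, not part of the original post and not Graylog's own code: a small triage script that pulls the `StartTime`/`EndTime` pair out of AF20055 lines in `server.log` and reports which of the rules quoted in the error message the requested window breaks. The function names, the `now` value and the shortened sample line are assumptions made for the illustration; timestamps are treated as naive values in one common time zone.

```python
import re
from datetime import datetime, timedelta

# Matches the window echoed back in the AF20055 error text (any quote style).
WINDOW_RE = re.compile(
    r"AF20055.*?StartTime:(?P<start>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}),\s*"
    r"EndTime:(?P<end>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})"
)
FMT = "%Y-%m-%dT%H:%M:%S"

def check_window(start, end, now):
    """Return the rules from the AF20055 message that this window breaks."""
    problems = []
    if start >= end:
        problems.append(f"start is not prior to end (start - end = {start - end})")
    if end - start > timedelta(hours=24):
        problems.append("window is longer than 24 hours")
    if now - start > timedelta(days=7):
        problems.append("start is more than 7 days in the past")
    return problems

def diagnose(log_lines, now):
    """Return (start, end, problems) for every AF20055 line found."""
    results = []
    for line in log_lines:
        m = WINDOW_RE.search(line)
        if not m:
            continue  # not an AF20055 error line
        start = datetime.strptime(m["start"], FMT)
        end = datetime.strptime(m["end"], FMT)
        results.append((start, end, check_window(start, end, now)))
    return results

# Constructed sample: the error line from the post with its message text
# shortened to "...", plus one unrelated line that must be skipped.
SAMPLE = [
    '[O365Client] Client Error: [{"error":{"code":"AF20055","message":"... '
    'StartTime:2020-10-28T21:44:34, EndTime:2020-10-28T21:40:09"}}]',
    "[O365Client] Waiting 1 seconds until next retry.",
]

if __name__ == "__main__":
    # Assumed "now": a moment shortly after the logged window.
    for start, end, problems in diagnose(SAMPLE, datetime(2020, 10, 28, 21, 45, 0)):
        print(start, end, problems or "window satisfies all three rules")
```

For the line in the post it reports only the ordering rule: the requested start is 4 minutes 25 seconds after the requested end.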