Educause Security Discussion mailing list archives

O365 Unified Activity Logs into Splunk


From: "Ullman, Catherine" <cende () BUFFALO EDU>
Date: Fri, 13 Nov 2020 14:37:58 +0000

Good morning!

We are working towards moving into O365 and ideally would like to push the Unified Activity Logs into Splunk, but we 
don't have a sense of how big those logs typically are.  Is anyone out there doing it?  If so, how large is your user 
base and how large are your subsequent logs from O365?

Thanks in advance for any assistance.

Best,
Cathy

Dr. Catherine J Ullman
Senior Information Security Forensic Analyst
Information Security Office
University at Buffalo
cende () buffalo edu


**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community
