While running the input, we see an error being logged, which is unnecessary.
Error{"log.level":"error","@timestamp":"2023-08-24T11:33:34.809+0530","log.logger":"input.entity-analytics-azure-ad","log.origin":{"[file.name](http://file.name/)":"azuread/azure.go","file.line":358},"message":"Unable to find user \"abcdefgh-3e30-1234-aaaa-fcacececva\" in state","[service.name](http://service.name/)":"filebeat","id":"azure-1","tenant_id":"abcdefgh-8e61-124-a06d-abcdefghijk","provider":"azure-ad","ecs.version":"1.6.0"}
While running the input, we see an error being logged, which is unnecessary.
Error
{"log.level":"error","@timestamp":"2023-08-24T11:33:34.809+0530","log.logger":"input.entity-analytics-azure-ad","log.origin":{"[file.name](http://file.name/)":"azuread/azure.go","file.line":358},"message":"Unable to find user \"abcdefgh-3e30-1234-aaaa-fcacececva\" in state","[service.name](http://service.name/)":"filebeat","id":"azure-1","tenant_id":"abcdefgh-8e61-124-a06d-abcdefghijk","provider":"azure-ad","ecs.version":"1.6.0"}
By more looking, it looks like we’ve deleted that user in our tenant. That deleted user is fetched by the provider using the /users/delta endpoint. (Reference: https://learn.microsoft.com/en-us/graph/delta-query-overview#resource-representation-in-the-delta-query-response) and after that, it resulted in error logging by provider code logic.