Upgrade to version 4.x of the add-on. A change was made to implement Python Session() and Retry() classes to help with throttling and paging.
The Microsoft sign-in REST API has some pretty severe throttling limits. I usually direct customers to send Azure AD sign-in events to an event hub, and then use the Splunk Add-on for Microsoft Cloud Services to retrieve the data from the hub.
Hi team:
We need your help because I am presented with a 30-day delay in ingesting logs from an AAD to splunk, the connection is through an IDM:
Verison of the Addon is 3.1.1:
The Active Directory Sign-ins entry:
Range: 620 Query BackOff: 1 Endpoint = V1.0
Please I need your help,