-
Notifications
You must be signed in to change notification settings - Fork 375
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Dashboard issues with the "[Logs o365] Audit Dashboard" as provided by integration "Microsoft 365" version 2.1.1 #8970
Comments
Pinging @elastic/security-external-integrations (Team:Security-External Integrations) |
Thanks for flagging this with us @eriroley. @chrisberkhout would you mind taking a look at this one, please? |
Similar workaround as in #8969 is possible - add a filter to the dashboard for data_stream.dataset: 0365.audit |
@eriroley I opened #8983 to fix the missing filter. The count panel font size initially looked good on my machine. It's not explicitly set in the dashboard config, so an issue there would be a general Lens visualization issue. I was able to reproduce the problem in your screenshot by changing my operating system display scaling factor from 1.0 to 2.0, as shown below. As a workaround, adjusting your operating system display scaling settings may help. I believe the underlying issue is being addressed in elastic/kibana#154414 |
Okay, yes, that is interesting. I wonder if there are some other related settings, like "Accessibility > Text/Font size"? Someone describes a similar issue on Windows 11 here that went away after increasing font size then setting it back to 100%. |
no change after changing the font size in accessibility, and then changing it back |
However, after changing the display scaling to 125% and then back to 100% it now shows correctly |
Okay, great. Thanks for all the info. Hopefully when elastic/kibana#154414 is resolved it'll work on higher settings as well. |
Also, there appears to be a missing filter in at least the "Top users by authentication outcome" panel
There's no way I should have over 3,000,000 events, with only 2411 events as shown in the previous screenshot
I suggest adding the following filter for that (and all other panels in this dashboard)
data_stream.dataset:"o365.audit"
which then gives much more reasonable results
The text was updated successfully, but these errors were encountered: