Sharepoint Online Uls Logs: Why They Are Inaccessible And What You Can Do

ByThe SharePoint FAQs Team

Why SharePoint Online ULS Logs Are Inaccessible

Unified Logging Service (ULS) logs in SharePoint Online contain detailed diagnostic information about operations within the SharePoint platform. However, unlike on-premises SharePoint deployments where administrators have direct access to view and manage these logs, SharePoint Online ULS logs are not readily accessible due to permission restrictions and their location within Microsoft’s cloud infrastructure.

Permission Issues Preventing Access

In SharePoint Online, Microsoft controls permissions to the ULS logs stored in their servers. Admins do not have innate privileged access to retrieve logs directly. Microsoft restricts access to protect customer data and prevent unauthorized logins.

Some key permission issues are:

  • No access to Service Administrator level permissions
  • Limited ability to view directory paths where logs are stored
  • No permissions to directly access the log files themselves on Office 365 servers

Logs Located on Microsoft Servers

SharePoint Online runs entirely within Microsoft’s cloud infrastructure. The SharePoint VMs, databases, servers and log files exist within Microsoft’s own data centers and networks.

This centralized control over the cloud environment is what enables Microsoft to efficiently scale, update, and manage the service. However, a downside is that administrators lose the ability to directly interact with the servers.

Limited Ability To Customize in SharePoint Online

With SharePoint Online being software-as-a-service (SaaS), options for customization are restricted compared to on-premises SharePoint. Admins cannot customize security controls, access policies, or enable detailed logging beyond what Microsoft provisions.

For ULS logs, Microsoft predetermines:

  • Where logs are stored within the cloud infrastructure
  • How long logs are retained before purging old entries
  • What categories and types of events are logged

This standardized approach reduces costs but administrators cannot configure ULS logging specifically for their unique needs.

What You Can Do To Access SharePoint Online ULS Logs

Despite being inaccessible directly, SharePoint Online provides ways for tenants to access and retrieve ULS logs via specialized cmdlets and API integrations.

Use SharePoint Online Management Shell

The SharePoint Online Management Shell contains the Get-SPOTenantLogEntry cmdlet to retrieve ULS log data.

Key capabilities include:

  • Output log entries for the past 7 days
  • Filter by category, level, correlation ID
  • View detailed per-operation diagnostic logs
  • Help diagnose issues reported by users

The cmdlets use admin permissions and APIs to securely access the logs. However, the logs only cover a 7 rolling day period before Microsoft purges older entries.

Export Logs to Azure Log Analytics

For longer term log analysis, SharePoint Online can export ULS entries into Azure Log Analytics. This Microsoft service aggregates logs from multiple sources into a central queries engine.

Basic steps are:

  1. Create a Log Analytics workspace in Azure portal
  2. Get its Workspace ID and Primary Key
  3. Run Export-SPODiagnosticLogs cmdlet from SharePoint Online Management Shell

Example command:

Connect-SPOService -Url https://[tenant]-admin.sharepoint.com

Export-SPODiagnosticLogs -ExportMode All -OutputLocationBlob "la-workspace-id:key"

This exports new ULS entries daily into Log Analytics for retention policies beyond the 7 days in SharePoint Online itself.

Consider Hybrid Options

In hybrid SharePoint deployments with both online and on-premises servers, additional options exist to route SharePoint Online ULS logs to on-premises storage and analysis systems.

For example, solutions exist to forward SharePoint Online logs to on-premises instances of the Windows Event Collector service. From there, other tools like Splunk can index the logs.

Use Third-Party Logging Solutions

Independent software vendors offer SharePoint Online logging and analysis solutions on the Office 365 marketplace. These integrate with SharePoint Online using official APIs and provide dashboards to monitor usage, compliance, errors and custom logging rules.

Examples include SolarWinds, ManageEngine and Barracuda cloud-based tools. While costs can be higher than Microsoft’s solutions above, more customization options exist.

Tips for Making The Most of Limited Logging Abilities

When working within the logging constraints of SharePoint Online, follow these tips to maximize effectiveness:

Monitor Site Collections of Interest

Rather than trying to analyze usage across an entire tenant, focus ULS log analysis on 1-2 important site collections where visibility is needed most. The improved signal/noise ratio makes logs easier to interpret.

Focus Logs on High Priority Issues

Use PowerShell cmdlets to selectively output ULS logs for critical Correlation IDs known to affect key services. Avoid noise from verbose low-level operations logs.

Supplement With End-User Experience Monitoring

Combine ULS server logs with end-user experience monitoring to validate operational impacts of issues. This ties log anomalies with real user-reported problems.

In summary, adapting expectations and using SharePoint Online’s programmatic interfaces help extract insights from ULS logs despite inherent access challenges. Monitoring key sites and issues allows log analysis to pinpoint problems proactively.

Leave a Reply

Your email address will not be published. Required fields are marked *