Forum Discussion
Solved
Help with parameter for Search-UnifiedAuditLog
Hi, Disclaimer: I am new to PowerShell, hence why I turn here for your input. Background: I'm creating a Power BI dashboard based on data exported from the O365 Audit Log. For the moment, I'...
NarasimaPerumal Chandramohan thanks for pointing me in the right direction. I managed to solve it by using SessionID and SessionCommand. All I needed was a while loop that kept running until the variable taking the audit data returned null, and keep appending the export file in every loop run.
Rajiv Chokshi refering to the Technet article that I linked in the end of my answer; You can use the "Operation" parameter to define the specific activities that you are looking for, but I would probably recommend you try querying all of them first and then review and select the ones you care about.
Using the "RecordType" parameter, I see that you can also filter the search to for example include things like:
- SharePointFileOperation
SharePointSharingOperation
The same with the site collection filter. I do not know directly which parameter that works best for this. As you can see you have one called "SiteIds" which could work, but I'm not sure that the ID stays the same for all sites or sub sites of a site collection. Maybe it would be better to use "ObjectIds" which is queried as string and returns the object as a URL. So defining the site collection url + a wildcard characters should hopefully work. Something like:
SiteIds https://contoso.sharepoint.com/sites/sitecollectionname*
Hope this helps!
Rajiv Chokshi
Microsoft
MicrosoftThanks, I will try again using your tips. Appreciate your help.