Forum Discussion
Solved
Missing day(s) from Search-AdminAuditLog and Search-UnifiedAuditLog Results
Hey Everyone! We've noticed that when running the Search-AdminAuditLog or Search-UnifiedAuditLog cmdlets, the collection returned never has the current day, and sometimes is missing the prior...
VasilMichev, this totally worked. Thank you so much! After roughly 14 man hours of working on this with various team members, we never even thought of this. Have a great day!
Add one extra day to your end date if you want to cover events from today. For example:
Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-1) -EndDate (Get-Date).AddDays(1) -ResultSize 1
will return the most recent event from today. Of course, keep in mind that log ingestion is not a real-time process and there are (quite noticeable) delays.
Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-1) -EndDate (Get-Date).AddDays(1) -ResultSize 1
will return the most recent event from today. Of course, keep in mind that log ingestion is not a real-time process and there are (quite noticeable) delays.
VasilMichev, this totally worked. Thank you so much! After roughly 14 man hours of working on this with various team members, we never even thought of this. Have a great day!