Narrow down Search-UnifiedAuditLog results

Copper Contributor



I need to do audit log search for a particular OneDrive using Search-UnifiedAuditLog in order to generate monthly activity report. However, it seems there is no option to search based on a OneDrive. It's inefficient to search all M365 and then filter the huge results to find the entries relevant to the particular OneDrive. In addition, Search-UnifiedAuditLog limits the number of rows returned if I understand correctly. Any suggestions?


Thank you.

1 Reply
I see I can use -RecordType to limit the search to SharePoint/OneDrive operations. However, it's still capped at 5,000 records which can be reached easily. It will be much better to be able to specify the scope of search as narrow as possible to be more efficient.