internal/functions/Get-UnifiedLog.ps1

function Get-UnifiedLog {
    <#
    .SYNOPSIS
    Function to get Unified audit logs for InformationBarrierPolicyApplication.
     
    .DESCRIPTION
    Function to get Unified audit logs for InformationBarrierPolicyApplication.
     
    .PARAMETER StartDate
    Date to search audit logs from.
     
    .PARAMETER EndDate
    Date to search audit logs until.
     
    .PARAMETER AppId
    InformationBarrierPolicyApplication Identity to search audits for.
     
    .EXAMPLE
    PS C:\> Get-UnifiedLog -StartDate "01/19/2021" -EndDate "02/19/2021" -AppId "74c593f9-beca-45a2-b77e-cbf36fcfbd81"
 
    The function will search for all logs about InformationBarrierPolicyApplication related to AppId "74c593f9-beca-45a2-b77e-cbf36fcfbd81" between "01/19/2021" and "02/19/2021".
    #>

    [OutputType([System.Collections.ArrayList])]
    [CmdletBinding()]
    Param (
        [datetime]$StartDate,
        [datetime]$EndDate,
        [String]$AppId
    )
    Write-PSFHostColor -String "[$((Get-Date).ToString("HH:mm:ss"))] Searching Unified Audit Logs."
    $statusBar.Text = "Running..."
    
    $records = Search-UnifiedAuditLog -StartDate $StartDate -EndDate $EndDate -RecordType InformationBarrierPolicyApplication -ResultSize 5000 -ObjectIds $AppId
    if ($null -ne $records) {
        $array = New-Object System.Collections.ArrayList
        $array.AddRange( ($records.auditdata | convertfrom-json | Select-Object CommandId, CommandStarted, CommandType, CreationTime, EndTime, GalChangeType, Id, ObjectId, Operation, OrganizationId, policyChangeType, recipientId, RecordType, StartTime, UserId, UserKey, UserType, Version, Workload) )
        $statusBar.Text = "Ready. Records found: $($records.Count)"
        return $array
    }
    else {
        $statusBar.Text = "Ready. No records found"
    }
}