O365_Unified_Auditlog_parser
1.4
O365 auditlog (Unified log) parser.
Applies to logs downloaded from https://protection.office.com/ - Search & investigation - Audit log search - Download - .csv
Downloaded log has 4 colums:
CreationDate | UserIds | Operations | Auditdata
Problem: the most important one (Auditdata) is string mess where data is delimited with ; , and [] and you can't really import it
Applies to logs downloaded from https://protection.office.com/ - Search & investigation - Audit log search - Download - .csv
Downloaded log has 4 colums:
CreationDate | UserIds | Operations | Auditdata
Problem: the most important one (Auditdata) is string mess where data is delimited with ; , and [] and you can't really import it
O365 auditlog (Unified log) parser.
Applies to logs downloaded from https://protection.office.com/ - Search & investigation - Audit log search - Download - .csv
Downloaded log has 4 colums:
CreationDate | UserIds | Operations | Auditdata
Problem: the most important one (Auditdata) is string mess where data is delimited with ; , and [] and you can't really import it to excel to filter reasonably for examing.
Also problem: different services log more or less data so no fixed amount of columns
This parser will modify the Auditdata column, creates a table and exports the parsered csv file (to be imported to excel).
More comments inside the script.
Show more
Applies to logs downloaded from https://protection.office.com/ - Search & investigation - Audit log search - Download - .csv
Downloaded log has 4 colums:
CreationDate | UserIds | Operations | Auditdata
Problem: the most important one (Auditdata) is string mess where data is delimited with ; , and [] and you can't really import it to excel to filter reasonably for examing.
Also problem: different services log more or less data so no fixed amount of columns
This parser will modify the Auditdata column, creates a table and exports the parsered csv file (to be imported to excel).
More comments inside the script.
Installation Options
Owners
Package Details
Author(s)
- mikko@lavento.com
Tags
O365 UnifiedAuditlog Auditlog parser
Dependencies
This script has no dependencies.
Release Notes
Added four columnheaders to result-csv table: ExtraProperties, SessionId, MailboxOwnerSid, LogonUserSid
FileList
- O365_Unified_Auditlog_parser.nuspec
- O365_Unified_Auditlog_parser.ps1