O365_Unified_Auditlog_parser
1.6
O365 auditlog (Unified log) parser.
Applies to logs downloaded from https://protection.office.com/ - Search & investigation - Audit log search - Download - .csv
Downloaded log has 4 colums:
CreationDate | UserIds | Operations | Auditdata
Problem: the most important one (Auditdata) is string mess where data is delimited with ; , and [] and you can't really import it
Applies to logs downloaded from https://protection.office.com/ - Search & investigation - Audit log search - Download - .csv
Downloaded log has 4 colums:
CreationDate | UserIds | Operations | Auditdata
Problem: the most important one (Auditdata) is string mess where data is delimited with ; , and [] and you can't really import it
O365 auditlog (Unified log) parser.
Applies to logs downloaded from https://protection.office.com/ - Search & investigation - Audit log search - Download - .csv
Downloaded log has 4 colums:
CreationDate | UserIds | Operations | Auditdata
Problem: the most important one (Auditdata) is string mess where data is delimited with ; , and [] and you can't really import it to excel to filter reasonably for examing.
Also problem: different services log more or less data so no fixed amount of columns
This parser will modify the Auditdata column, creates a table and exports the parsered csv file (to be imported to excel).
More comments inside the script.
You can run this from command line giving sourcedirectory+file and destinationdirectory+file as arguments.
If they are omitted, script will ask sourcefile.
Examples:
-- .\O365_Unified_Auditlog_parser.ps1 -sourcefile "c:\dddd\sourcefile.csv" -destinationfile "c:\dddd\destinationfile.csv"
-- .\O365_Unified_Auditlog_parser.ps1 -sourcefile ".\AuditLog_2019-04-22_2019-04-30.csv" -destinationfile ".\AuditLog_2019-04-22_2019-04-30_parsered.csv"
Show more
Applies to logs downloaded from https://protection.office.com/ - Search & investigation - Audit log search - Download - .csv
Downloaded log has 4 colums:
CreationDate | UserIds | Operations | Auditdata
Problem: the most important one (Auditdata) is string mess where data is delimited with ; , and [] and you can't really import it to excel to filter reasonably for examing.
Also problem: different services log more or less data so no fixed amount of columns
This parser will modify the Auditdata column, creates a table and exports the parsered csv file (to be imported to excel).
More comments inside the script.
You can run this from command line giving sourcedirectory+file and destinationdirectory+file as arguments.
If they are omitted, script will ask sourcefile.
Examples:
-- .\O365_Unified_Auditlog_parser.ps1 -sourcefile "c:\dddd\sourcefile.csv" -destinationfile "c:\dddd\destinationfile.csv"
-- .\O365_Unified_Auditlog_parser.ps1 -sourcefile ".\AuditLog_2019-04-22_2019-04-30.csv" -destinationfile ".\AuditLog_2019-04-22_2019-04-30_parsered.csv"
Installation Options
Owners
Package Details
Author(s)
- mikko@lavento.com
Tags
O365 UnifiedAuditlog Auditlog parser
Dependencies
This script has no dependencies.
Release Notes
Cleaned up some lines and made description more accurate.
Added feature to accept sourcedirectory+file and destinationdirectory+file as arguments.
If they are omitted, script will ask sourcefile.
Examples:
-- .\O365_Unified_Auditlog_parser.ps1 -sourcefile "c:\dddd\sourcefile.csv" -destinationfile "c:\dddd\destinationfile.csv"
-- .\O365_Unified_Auditlog_parser.ps1 -sourcefile ".\AuditLog_2019-04-22_2019-04-30.csv" -destinationfile ".\AuditLog_2019-04-22_2019-04-30_parsered.csv"
Also added Columns: ImplicitShare, ModifiedProperties, SupportTicketId
FileList
- O365_Unified_Auditlog_parser.nuspec
- O365_Unified_Auditlog_parser.ps1