O365_Unified_Auditlog_parser
1.6
O365 auditlog (Unified log) parser.
Applies to logs downloaded from https://protection.office.com/ - Search & investigation - Audit log search - Download - .csv
Downloaded log has 4 colums:
CreationDate | UserIds | Operations | Auditdata
Problem: the most important one (Auditdata) is string mess where data is delimited with ; , and [] and you can't really import it
Applies to logs downloaded from https://protection.office.com/ - Search & investigation - Audit log search - Download - .csv
Downloaded log has 4 colums:
CreationDate | UserIds | Operations | Auditdata
Problem: the most important one (Auditdata) is string mess where data is delimited with ; , and [] and you can't really import it
O365 auditlog (Unified log) parser.
Applies to logs downloaded from https://protection.office.com/ - Search & investigation - Audit log search - Download - .csv
Downloaded log has 4 colums:
CreationDate | UserIds | Operations | Auditdata
Problem: the most important one (Auditdata) is string mess where data is delimited with ; , and [] and you can't really import it to excel to filter reasonably for examing.
Also problem: different services log more or less data so no fixed amount of columns
This parser will modify the Auditdata column, creates a table and exports the parsered csv file (to be imported to excel).
More comments inside the script.
You can run this from command line giving sourcedirectory+file and destinationdirectory+file as arguments.
If they are omitted, script will ask sourcefile.
Examples:
-- .\O365_Unified_Auditlog_parser.ps1 -sourcefile "c:\dddd\sourcefile.csv" -destinationfile "c:\dddd\destinationfile.csv"
-- .\O365_Unified_Auditlog_parser.ps1 -sourcefile ".\AuditLog_2019-04-22_2019-04-30.csv" -destinationfile ".\AuditLog_2019-04-22_2019-04-30_parsered.csv"
Show more
Applies to logs downloaded from https://protection.office.com/ - Search & investigation - Audit log search - Download - .csv
Downloaded log has 4 colums:
CreationDate | UserIds | Operations | Auditdata
Problem: the most important one (Auditdata) is string mess where data is delimited with ; , and [] and you can't really import it to excel to filter reasonably for examing.
Also problem: different services log more or less data so no fixed amount of columns
This parser will modify the Auditdata column, creates a table and exports the parsered csv file (to be imported to excel).
More comments inside the script.
You can run this from command line giving sourcedirectory+file and destinationdirectory+file as arguments.
If they are omitted, script will ask sourcefile.
Examples:
-- .\O365_Unified_Auditlog_parser.ps1 -sourcefile "c:\dddd\sourcefile.csv" -destinationfile "c:\dddd\destinationfile.csv"
-- .\O365_Unified_Auditlog_parser.ps1 -sourcefile ".\AuditLog_2019-04-22_2019-04-30.csv" -destinationfile ".\AuditLog_2019-04-22_2019-04-30_parsered.csv"
Installation Options
Author(s)
mikko@lavento.com
Package Details
Owners
Tags
O365 UnifiedAuditlog Auditlog parser
Dependencies
This script has no dependencies.
Release Notes
Cleaned up some lines and made description more accurate.
Added feature to accept sourcedirectory+file and destinationdirectory+file as arguments.
If they are omitted, script will ask sourcefile.
Examples:
-- .\O365_Unified_Auditlog_parser.ps1 -sourcefile "c:\dddd\sourcefile.csv" -destinationfile "c:\dddd\destinationfile.csv"
-- .\O365_Unified_Auditlog_parser.ps1 -sourcefile ".\AuditLog_2019-04-22_2019-04-30.csv" -destinationfile ".\AuditLog_2019-04-22_2019-04-30_parsered.csv"
Also added Columns: ImplicitShare, ModifiedProperties, SupportTicketId
FileList
- O365_Unified_Auditlog_parser.nuspec
- O365_Unified_Auditlog_parser.ps1