Search-UnifiedAuditLog

This cmdlet is available only in the cloud-based service.

Use the Search-UnifiedAuditLog cmdlet to search the unified audit log. This log contains events from Exchange Online, SharePoint Online, OneDrive for Business, Azure Active Directory, Microsoft Teams, Power BI, and other Microsoft 365 services. You can search for all events in a specified date range, or you can filter the results based on specific criteria, such as the user who performed the action, the action, or the target object.

For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax.

The Search-UnifiedAuditLog cmdlet presents pages of data based on repeated iterations of the same command. Use SessionId and SessionCommand to repeatedly run the cmdlet until you get zero returns, or hit the maximum number of results based on the session command. To gauge progress, look at the ResultIndex (hits in the current iteration) and ResultCount (hits for all iterations) properties of the data returned by the cmdlet.

The Search-UnifiedAuditLog cmdlet is available in Exchange Online PowerShell. You can also view events from the unified auditing log by using the Microsoft Purview compliance portal. For more information, see Audited activities.

If you want to programmatically download data from the Microsoft 365 audit log, we recommend that you use the Microsoft 365 Management Activity API instead of using the Search-UnifiedAuditLog cmdlet in a PowerShell script. The Microsoft 365 Management Activity API is a REST web service that you can use to develop operations, security, and compliance monitoring solutions for your organization. For more information, see Management Activity API reference.

This cmdlet is available in Office 365 operated by 21Vianet, but it won't return any results.

The OutVariable parameter accepts objects of type ArrayList.

    $start = (Get-Date).AddDays(-1)
    $end = (Get-Date).AddDays(-0.5)
    $auditData = New-Object System.Collections.ArrayList
    Search-UnifiedAuditLog -StartDate $start -EndDate $end -OutVariable +auditData | Out-Null

You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet.

Examples

Example 1

    Search-UnifiedAuditLog -StartDate -EndDate

This example searches the unified audit log for all events from May 1, 2018 12:00AM to 12:00AM.

Note: If you don't include a timestamp in the value for the StartDate or EndDate parameters, the default timestamp 12:00 AM (midnight) is used.

Example 2

    Search-UnifiedAuditLog -StartDate " 8:00 AM" -EndDate " 6:00 PM" -RecordType ExchangeAdmin

This example searches the unified audit log for all Exchange admin events from 8:00 AM to 6:00 PM on June 1, 2018.

Note: If you use the same date for the StartDate and EndDate parameters, you need to include a timestamp; otherwise, no results will be returned because the date and time for the start and end dates will be the same.

Example 3

    Search-UnifiedAuditLog -StartDate -EndDate -SessionId "UnifiedAuditLogSearch 05/08/17" -SessionCommand ReturnLargeSet

This example searches the unified audit log for all events from to May 8, 2018. The data is returned in pages as the command is rerun sequentially while using the same SessionId value. If you don't include a time stamp in the StartDate or EndDate parameters,

Note: Always use the same SessionCommand value for a given SessionId value. Don't switch between ReturnLargeSet and ReturnNextPreviewPage for the same session ID. Otherwise, the output is limited to 10,000 results.

Example 4

    Search-UnifiedAuditLog -StartDate -EndDate -RecordType SharePointFileOperation -Operations FileAccessed -SessionId "WordDocs_SharepointViews" -SessionCommand ReturnLargeSet

This example searches the unified audit log for any files accessed in SharePoint Online from to May 8, 2018. The data is returned in pages as the command is rerun sequentially while using the same SessionId value.

Example 5

    Search-UnifiedAuditLog -StartDate -EndDate -ObjectIDs " Documents/Sales Invoice - International.docx"

This example searches the unified audit log from to for all events relating to a specific Word document identified by its ObjectIDs value.
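
The paging procedure described above (rerun the same command with one SessionId and one SessionCommand until it returns zero results), written as a loop. This is an added example, not code from the original page; the function name Get-AuditLogPaged, the session ID format and the MaxPages safety stop are assumptions, and ResultSize is a cmdlet parameter the page does not show.

```powershell
# Added example. Assumes an Exchange Online PowerShell session is already
# connected and the account holds audit-search permissions.
function Get-AuditLogPaged {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [datetime] $StartDate,
        [Parameter(Mandatory)] [datetime] $EndDate,
        [string]   $RecordType,
        [string[]] $Operations,
        [int]      $MaxPages = 50   # hypothetical safety stop for this script
    )

    # Identical start and end values return no results, so reject them early.
    if ($EndDate -le $StartDate) {
        throw "EndDate must be later than StartDate; include a timestamp."
    }

    # One SessionId is paired with one SessionCommand for the whole run.
    $query = @{
        StartDate      = $StartDate
        EndDate        = $EndDate
        SessionId      = "AuditPull_{0:yyyyMMddHHmmss}" -f (Get-Date)
        SessionCommand = 'ReturnLargeSet'
        ResultSize     = 5000       # records requested per iteration
    }
    if ($RecordType) { $query.RecordType = $RecordType }
    if ($Operations) { $query.Operations = $Operations }

    $all = New-Object System.Collections.ArrayList
    for ($page = 1; $page -le $MaxPages; $page++) {
        $batch = @(Search-UnifiedAuditLog @query)
        if ($batch.Count -eq 0) { break }   # zero returns: session is drained
        $all.AddRange($batch)

        # ResultIndex / ResultCount on the last record show overall progress.
        $last = $batch[-1]
        Write-Verbose ("Page {0}: ResultIndex {1} of ResultCount {2}" -f `
            $page, $last.ResultIndex, $last.ResultCount)
    }
    if ($page -gt $MaxPages) {
        Write-Warning "Stopped at MaxPages; results may be incomplete."
    }
    return $all
}

# Sample call; the dates are constructed values for illustration.
$events = Get-AuditLogPaged -StartDate '2018-05-01' -EndDate '2018-05-08' `
    -RecordType SharePointFileOperation -Operations FileAccessed -Verbose
```

Comparing the number of collected records with the last ResultCount value is a quick completeness check before the data is used in an investigation.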