AsishP/Get data from Office 365 Azure Log

## Get data from Office 365 Azure Log
using System;
using System.Collections.Generic;
using System.Net.Http.Headers;
using System.Web;
using Newtonsoft.Json.Linq;
using System.Net.Http;
using Newtonsoft.Json;
using System.IO;
using Microsoft.Extensions.Logging;
using System.Linq;
using Microsoft.WindowsAzure.Storage;
using Microsoft.WindowsAzure.Storage.Table;
using Microsoft.WindowsAzure.Storage.File;
using System.Text;
using CsvHelper;
using System.Threading.Tasks;
using System.Globalization;
using Microsoft.Online.SharePoint.TenantAdministration;
using System.Security;
using Microsoft.SharePoint.Client;
using System.Net;

//JSON object for Initial Call
public class AuditInitialReport
{
    public string ContentUri { get; set; }
    public string ContentId { get; set; }
    public string ContentType { get; set; }
    public string ContentCreated { get; set; }
    public string ContentExpiration { get; set; }
}

public class AuditDetailedReport
    {
        public DateTime CreationTime { get; set; }
        public string Id { get; set; }
        public string Operation { get; set; }
        public string Workload { get; set; }
        public string ObjectId { get; set; }
        public string UserType { get; set; }
        public string UserTypeName { get; set; }
        public string RecordType { get; set; }
        public string RecordTypeName { get; set; }
        public string UserId { get; set; }
        public string EventSource { get; set; }
        public string SiteUrl { get; set; }
        public string Site { get; set; }
        public string WebId { get; set; }
        public string WebSiteName { get; set; }
        public string ListId { get; set; }
        public string ListName { get; set; }
        public string ListItemUniqueId { get; set; }
        public string ItemName { get; set; }
        public string ItemType { get; set; }
        public string SourceFileExtension { get; set; }
        public string SourceFileName { get; set; }
        public string SourceRelativeUrl { get; set; }
        public string UserAgent { get; set; }
        public string EventData { get; set; }
        public string TargetUserOrGroupType { get; set; }
        public string TargetUserOrGroupName { get; set; }
        public string TargetExtUserName { get; set; }
        public string UniqueSharingId { get; set; }
        public string OrganizationId { get; set; }
        public string UserKey { get; set; }
        public string ClientIP { get; set; }
        public string CorrelationId { get; set; }
    }

public class AuditLogDataPull
{
    string TenantID = <TenantID>;
    string authString = "https://login.windows.net/" + TenantID;
    string urlParameters = $"?contentType=Audit.SharePoint&startTime={startDateString}&endTime={endDateString}";

    // Loop through the Office 365 Management API call till the NextPageURI is null i.e. there are no pages left
    do
    {
        // Get teh initial data entry for the data pull
        auditInitialDataObject = getAuditInitalData(SPServiceUrl, urlParameters);

        // Get the next page URI to form the next parameter call
        if (auditInitialDataObject.AuditNextPageUri != "")
            urlParameters = "?" + auditInitialDataObject.AuditNextPageUri.Split('?')[1];

        //List of JSON objects from the initial data call
        List<AuditInitialReport> auditInitialReports = auditInitialDataObject.AuditInitialDataObj;

        // To increase performance call multiple endpoints at a time using Parallel loops
        int maxCalls = 200;
        int count = 0;
        Parallel.ForEach(auditInitialReports, new ParallelOptions { MaxDegreeOfParallelism = maxCalls }, (auditInitialReport) =>
        {
            int loopCount = count++;
            log.LogInformation("Looking at request " + loopCount);
            // For brevity, have omitted the definition of AuditDetailedReport object. Please create this class and add variables to map
            List<AuditDetailedReport> auditDetailReports = getAuditDetailData(auditInitialReport.ContentUri);

            log.LogInformation("Got Audit Detail Reports of " + auditDetailReports.Count + " for loop number " + loopCount);
            foreach (AuditDetailedReport auditDetailReport in auditDetailReports)
            {
                auditDetailReportsFinal.Add(auditDetailReport);
            }
        });
    } while (auditInitialDataObject.AuditNextPageUri != "");

    // Method to get the data for initial data pull
    public AuditInitialDataObject getAuditInitalData(string SPServiceUrl, string urlParameters)
    {
        AuditInitialDataObject auditInitialDataObj = new AuditInitialDataObject();
        try
        {
            List<AuditInitialReport> auditInitialReports = new List<AuditInitialReport>();
            // **** Call the Http Client Service ****
            HttpClient client = new HttpClient();
            client.BaseAddress = new Uri(SPServiceUrl);

            // Add an Accept header for JSON format.
            client.DefaultRequestHeaders.Add("Authorization", "Bearer " + accessToken.ToString());
            client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

            // List data response.
            HttpResponseMessage response = client.GetAsync(urlParameters, HttpCompletionOption.ResponseContentRead).Result; // Blocking call!
            if (response.IsSuccessStatusCode)
            {
                // Parse the response body. Blocking!
                Stream dataObjects = response.Content.ReadAsStreamAsync().Result;
                StreamReader reader = new StreamReader(dataObjects);
                string responseObj = reader.ReadToEnd();
                auditInitialReports = JsonConvert.DeserializeObject<List<AuditInitialReport>>(responseObj);
                IEnumerable<string> values;
                if (response.Headers.TryGetValues("NextPageUri", out values))
                {
                    auditInitialDataObj.AuditNextPageUri = values.First();
                    auditInitialDataObj.AuditInitialDataObj = auditInitialReports;
                }
                else
                {
                    auditInitialDataObj.AuditNextPageUri = "";
                    auditInitialDataObj.AuditInitialDataObj = auditInitialReports;
                }
            }
            else
            {
                log.LogError($"{(int)response.StatusCode} ({response.ReasonPhrase})");
            }
        }
        catch(Exception ex)
        {
            log.LogError($"Error while fetching initial Audit Data. Error message - {ex.Message}");
        }

        return auditInitialDataObj;
    }

    // Method to get the Audit Log data
    // Note: The definition for Audit Detailed report class is neglected in this example here
    public List<AuditDetailedReport> getAuditDetailData(string SPServiceUrl)
    {
        List<AuditDetailedReport> auditDetailData = new List<AuditDetailedReport>();
        try
        {
            int retries = 0;
            bool success = false;
            // **** Call the Http Client Service ****
            HttpClient client = new HttpClient();
            string urlParameters = "";
            client.BaseAddress = new Uri(SPServiceUrl);

            // Add an Accept header for JSON format.
            client.DefaultRequestHeaders.Add("Authorization", "Bearer " + accessToken.ToString());
            client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

            // List data response.
            HttpResponseMessage response = client.GetAsync(urlParameters, HttpCompletionOption.ResponseContentRead).Result; // Blocking call!
            if (response.IsSuccessStatusCode)
            {
                success = true;
                // Parse the response body. Blocking!
                Stream dataObjects = response.Content.ReadAsStreamAsync().Result;
                StreamReader reader = new StreamReader(dataObjects);
                string responseObj = reader.ReadToEnd();
                auditDetailData = JsonConvert.DeserializeObject<List<AuditDetailedReport>>(responseObj);
            }
        }
        catch(Exception ex)
        {
            log.LogError($"Error while getting Detailed Audit Data. Error message - {ex.Message}");
        }
        return auditDetailData;
    }
}
	using System;
	using System.Collections.Generic;
	using System.Net.Http.Headers;
	using System.Web;
	using Newtonsoft.Json.Linq;
	using System.Net.Http;
	using Newtonsoft.Json;
	using System.IO;
	using Microsoft.Extensions.Logging;
	using System.Linq;
	using Microsoft.WindowsAzure.Storage;
	using Microsoft.WindowsAzure.Storage.Table;
	using Microsoft.WindowsAzure.Storage.File;
	using System.Text;
	using CsvHelper;
	using System.Threading.Tasks;
	using System.Globalization;
	using Microsoft.Online.SharePoint.TenantAdministration;
	using System.Security;
	using Microsoft.SharePoint.Client;
	using System.Net;

	//JSON object for Initial Call
	public class AuditInitialReport
	{
	public string ContentUri { get; set; }
	public string ContentId { get; set; }
	public string ContentType { get; set; }
	public string ContentCreated { get; set; }
	public string ContentExpiration { get; set; }
	}

	public class AuditDetailedReport
	{
	public DateTime CreationTime { get; set; }
	public string Id { get; set; }
	public string Operation { get; set; }
	public string Workload { get; set; }
	public string ObjectId { get; set; }
	public string UserType { get; set; }
	public string UserTypeName { get; set; }
	public string RecordType { get; set; }
	public string RecordTypeName { get; set; }
	public string UserId { get; set; }
	public string EventSource { get; set; }
	public string SiteUrl { get; set; }
	public string Site { get; set; }
	public string WebId { get; set; }
	public string WebSiteName { get; set; }
	public string ListId { get; set; }
	public string ListName { get; set; }
	public string ListItemUniqueId { get; set; }
	public string ItemName { get; set; }
	public string ItemType { get; set; }
	public string SourceFileExtension { get; set; }
	public string SourceFileName { get; set; }
	public string SourceRelativeUrl { get; set; }
	public string UserAgent { get; set; }
	public string EventData { get; set; }
	public string TargetUserOrGroupType { get; set; }
	public string TargetUserOrGroupName { get; set; }
	public string TargetExtUserName { get; set; }
	public string UniqueSharingId { get; set; }
	public string OrganizationId { get; set; }
	public string UserKey { get; set; }
	public string ClientIP { get; set; }
	public string CorrelationId { get; set; }
	}

	public class AuditLogDataPull
	{
	string TenantID = <TenantID>;
	string authString = "https://login.windows.net/" + TenantID;
	string urlParameters = $"?contentType=Audit.SharePoint&startTime={startDateString}&endTime={endDateString}";

	// Loop through the Office 365 Management API call till the NextPageURI is null i.e. there are no pages left
	do
	{
	// Get teh initial data entry for the data pull
	auditInitialDataObject = getAuditInitalData(SPServiceUrl, urlParameters);

	// Get the next page URI to form the next parameter call
	if (auditInitialDataObject.AuditNextPageUri != "")
	urlParameters = "?" + auditInitialDataObject.AuditNextPageUri.Split('?')[1];

	//List of JSON objects from the initial data call
	List<AuditInitialReport> auditInitialReports = auditInitialDataObject.AuditInitialDataObj;

	// To increase performance call multiple endpoints at a time using Parallel loops
	int maxCalls = 200;
	int count = 0;
	Parallel.ForEach(auditInitialReports, new ParallelOptions { MaxDegreeOfParallelism = maxCalls }, (auditInitialReport) =>
	{
	int loopCount = count++;
	log.LogInformation("Looking at request " + loopCount);
	// For brevity, have omitted the definition of AuditDetailedReport object. Please create this class and add variables to map
	List<AuditDetailedReport> auditDetailReports = getAuditDetailData(auditInitialReport.ContentUri);

	log.LogInformation("Got Audit Detail Reports of " + auditDetailReports.Count + " for loop number " + loopCount);
	foreach (AuditDetailedReport auditDetailReport in auditDetailReports)
	{
	auditDetailReportsFinal.Add(auditDetailReport);
	}
	});
	} while (auditInitialDataObject.AuditNextPageUri != "");

	// Method to get the data for initial data pull
	public AuditInitialDataObject getAuditInitalData(string SPServiceUrl, string urlParameters)
	{
	AuditInitialDataObject auditInitialDataObj = new AuditInitialDataObject();
	try
	{
	List<AuditInitialReport> auditInitialReports = new List<AuditInitialReport>();
	// ** Call the Http Client Service **
	HttpClient client = new HttpClient();
	client.BaseAddress = new Uri(SPServiceUrl);

	// Add an Accept header for JSON format.
	client.DefaultRequestHeaders.Add("Authorization", "Bearer " + accessToken.ToString());
	client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

	// List data response.
	HttpResponseMessage response = client.GetAsync(urlParameters, HttpCompletionOption.ResponseContentRead).Result; // Blocking call!
	if (response.IsSuccessStatusCode)
	{
	// Parse the response body. Blocking!
	Stream dataObjects = response.Content.ReadAsStreamAsync().Result;
	StreamReader reader = new StreamReader(dataObjects);
	string responseObj = reader.ReadToEnd();
	auditInitialReports = JsonConvert.DeserializeObject<List<AuditInitialReport>>(responseObj);
	IEnumerable<string> values;
	if (response.Headers.TryGetValues("NextPageUri", out values))
	{
	auditInitialDataObj.AuditNextPageUri = values.First();
	auditInitialDataObj.AuditInitialDataObj = auditInitialReports;
	}
	else
	{
	auditInitialDataObj.AuditNextPageUri = "";
	auditInitialDataObj.AuditInitialDataObj = auditInitialReports;
	}
	}
	else
	{
	log.LogError($"{(int)response.StatusCode} ({response.ReasonPhrase})");
	}
	}
	catch(Exception ex)
	{
	log.LogError($"Error while fetching initial Audit Data. Error message - {ex.Message}");
	}

	return auditInitialDataObj;
	}

	// Method to get the Audit Log data
	// Note: The definition for Audit Detailed report class is neglected in this example here
	public List<AuditDetailedReport> getAuditDetailData(string SPServiceUrl)
	{
	List<AuditDetailedReport> auditDetailData = new List<AuditDetailedReport>();
	try
	{
	int retries = 0;
	bool success = false;
	// ** Call the Http Client Service **
	HttpClient client = new HttpClient();
	string urlParameters = "";
	client.BaseAddress = new Uri(SPServiceUrl);

	// Add an Accept header for JSON format.
	client.DefaultRequestHeaders.Add("Authorization", "Bearer " + accessToken.ToString());
	client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

	// List data response.
	HttpResponseMessage response = client.GetAsync(urlParameters, HttpCompletionOption.ResponseContentRead).Result; // Blocking call!
	if (response.IsSuccessStatusCode)
	{
	success = true;
	// Parse the response body. Blocking!
	Stream dataObjects = response.Content.ReadAsStreamAsync().Result;
	StreamReader reader = new StreamReader(dataObjects);
	string responseObj = reader.ReadToEnd();
	auditDetailData = JsonConvert.DeserializeObject<List<AuditDetailedReport>>(responseObj);
	}
	}
	catch(Exception ex)
	{
	log.LogError($"Error while getting Detailed Audit Data. Error message - {ex.Message}");
	}
	return auditDetailData;
	}
	}