Created
April 20, 2023 22:11
-
-
Save neil-sabol/ff529d8dbe43a28de57c62d3c4d42e4a to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function parse-m365-auditlogsearch-results { | |
| # Collect the input and output files | |
| Param ( | |
| [Parameter(Mandatory=$true)] | |
| [string] $auditlogsearchresultfile = "", | |
| [Parameter(Mandatory=$true)] | |
| [string] $outputcsvfilepath = "" | |
| ) | |
| # Import the Audit Log Search Result CSV file exported from Microsoft Purview | |
| $importedCSV = Import-Csv $auditlogsearchresultfile | |
| # Convert the nested JSON in the AuditData column from the CSV to JSON | |
| $csvToJSON = $importedCSV.AuditData | ConvertFrom-Json | |
| # Extract all of the possible field names from the JSON and export to the new CSV file | |
| $csvFields = $csvToJSON | Get-Member | ?{ $_.MemberType -eq "NoteProperty" } | select -ExpandProperty Name | Sort -Unique | |
| $csvFields -join "," | add-content -path $outputcsvfilepath | |
| # Iterate through the JSON and build the new CSV file, populating fields/values that are present | |
| $csvToJSON | %{ | |
| $currentEntry = $_ | |
| [string[]]$row = @() | |
| $csvFields | %{ | |
| $row += $([string]$currentEntry.$_).replace(',','|') | |
| } | |
| $row -join "," | add-content -path $outputcsvfilepath | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment