Office365 - UnifiedAuditData log - the odd JSON in the CSV


Author
Message
BonWierBR549
BonWierBR549
New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)
Group: Forum Members
Posts: 3, Visits: 9
Greetings,

Has anyone been successful in making a parser for the odd AuditData field in the download of UnifiedAuditLog from Office365?

Thanks in advance,
BR549
LogViewPlus Support
LogViewPlus Support
Forum Expert (925 reputation)Forum Expert (925 reputation)Forum Expert (925 reputation)Forum Expert (925 reputation)Forum Expert (925 reputation)Forum Expert (925 reputation)Forum Expert (925 reputation)Forum Expert (925 reputation)Forum Expert (925 reputation)
Group: Moderators
Posts: 656, Visits: 2K
Hi,

I can probably help you with this configuration.  Do you think you can send me a few sample log entries so I can better understand the problem?

Thanks,

Toby
BonWierBR549
BonWierBR549
New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)
Group: Forum Members
Posts: 3, Visits: 9
Greetings thank you for your reply - let me speak to my friend and see if she will allow me to share some lines from her O365. Thank you BR549
BonWierBR549
BonWierBR549
New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)New Member (5 reputation)
Group: Forum Members
Posts: 3, Visits: 9
Greetings - still speaking to my friend about sharing data from her log files - - BUT in the mean time - -here is a webpage that explains the potential variance in the types of entries that might be in a log file - - https://docs.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api-schema - - - as you can see there are a LOT of possibilities and after thinking (and doing other research) I am not sure if ANY solution will fit the bill.  Thanks for you information and stay safe, BR549
LogViewPlus Support
LogViewPlus Support
Forum Expert (925 reputation)Forum Expert (925 reputation)Forum Expert (925 reputation)Forum Expert (925 reputation)Forum Expert (925 reputation)Forum Expert (925 reputation)Forum Expert (925 reputation)Forum Expert (925 reputation)Forum Expert (925 reputation)
Group: Moderators
Posts: 656, Visits: 2K
Thanks for the update.

A wide range of logging possibilities is actually pretty common with log file formats.  Frequently though, a customer is using only a small subset of the possibilities.  That's why LogViewPlus puts the emphasis on configuration rather than supporting "The Office 365 Management Activity API schema".  Supporting the schema as a whole wouldn't necessarily be difficult, but it is just one of many.  Also, parsing a log file tends to be more straight-forward than supporting a format.  

I am confident that LogViewPlus can parse your log files. 

I understand that not all logs can be shared.  There are four options here:
1.  Scrub the log entries to remove any confidential information.  We can generally give you a good parse if we can see just 2 - 3 log entries.  We don't need the data, just the structure.
2.  Contact us directly.  This makes it a bit easier to share data.
3.  Review the documentation and see if you can crack it.  We are happy to help if you have any questions.  
4.  If all else fails - you can always write your own parser.  

Hope that helps,

Toby
GO

Merge Selected

Merge into selected topic...



Merge into merge target...



Merge into a specific topic ID...




Similar Topics

Login

Explore
Messages
Mentions
Search