Forum Discussion
Solved
Help with parameter for Search-UnifiedAuditLog
Hi, Disclaimer: I am new to PowerShell, hence why I turn here for your input. Background: I'm creating a Power BI dashboard based on data exported from the O365 Audit Log. For the moment, I'...
NarasimaPerumal Chandramohan thanks for pointing me in the right direction. I managed to solve it by using SessionID and SessionCommand. All I needed was a while loop that kept running until the variable taking the audit data returned null, and keep appending the export file in every loop run.
What you are looking for I guess is something like a "NOT" operator, which will allow you to exclude all actions from particular user/account. Unfortunately, I'm not aware of such for the UserIds parameter of the Search-UnifiedAuditLog cmdlet. I guess you can do it the other way around, use the UserIds parameter to explicitly list all users, apart for the service account used for backups.
Flagging TonyRedmond to double-check.
VasilMichev Yes, I NOT EQUAL operator would be the optimal thing, but I have not got that to work. I guess it's not supported as no similar functionality exists for the Audit Log interface in the Security & Complience Center. And to pass all users except one is not a great option unfortunately.
