This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(105.60000000000001, 62%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
HI,
I’m searching O365 UnifiedAuditLog fro specific event. Problem is hat there is nested object and when doing conversion from Jason not all data is parsed.
AuditData : {"CreationTime":"2020-09-07T11:34:11","Id":"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx","Operation":"FolderBind","OrganizationId":"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx","RecordType":2,"ResultStatus":"Succeeded","UserKey":"1003200047779776","UserType":0,"Version":1,"Workload":"Exchange","ClientIP":"2603:xxxx:xxxx:xx:xxxx::81","UserId":"upn@doamin.com","AppId":"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx","ClientAppId":"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx","ClientIPAddress":"2603:xxxx:xxxx:xx:xxxx::81","ClientInfoString":"Client=REST;Client=RESTSystem;;","ExternalAccess":false,"InternalLogonType":2,"LogonType":2,"LogonUserSid":"S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-xxxxxxx","MailboxGuid":"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx","MailboxOwnerSid":"S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-xxxxxxx","MailboxOwnerUPN":"upn@doamin.com","Organizat ":"domain.onmicrosoft.com","OriginatingServer":"VI1P195MBXXXX (15.20.3348.019)\u000d\u000a","Item":{"Id":"YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY","ParentFolder":{"Id":"YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY","Path":"\Send"}}}
Problem start with Item":{".
Data that is returned Item : @{Id=YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY; ParentFolder=}
Is there any easy solution for this. I would like to pars output to CSV
Br,
Stane
Let's say that $A literal representation is:
Metadata Name
-------- ----
@{Height=6} Alfredo
All has been parsed, you can access Height this way:
$A.Metadata.Height
All data should be parsed @{Propety=Value...} is just the literal representation of the deserialized PScustomObject.
--
Please let us know if this answer was helpful to you. If so, please remember to mark it as the answer so that others in the community with similar questions can more easily find a solution.
@Mali Stane
I just wanted to check in and see if you required additional assistance or if you were able to resolve this issue?
----------
If any reply/answer helped resolve your question, please remember to "mark as answer" so that others in the community facing similar issues can easily find the solution.
Hi alfredo-revilla-msft,
Can you help me, with sample : @{Propety=Value...}
I have done a workaround for event FolderBind. Because after “,"Item":” array, i get / we have two different parameter listed based on if this is client access or restapi access “like” Search.
But thank you that you take a time to answer. I miss TechNet forum…