m365-sharepoint-logs
Fetch sharepoint logs using Office 365 Management API
o365-sharepoint-logs [profile=PROFILE] [duration=NUM{mon|w|d|h|m|s}] [from=yyyyMMddHHmmss] [to=yyyyMMddHHmmss]
- profile=PROFILE
- Office 365 connect profile name
- duration=NUM{mon|w|d|h|m|s}
- Scan only recent data. You should use s(second), m(minute), h(hour), d(day), mon(month) time unit. For example,
10smeans data from 10 seconds earlier. - from=yyyyMMddHHmmss
- Start time of range. yyyyMMddHHmmss format. If you omit time part, it will be padded by zero.
- to=yyyyMMddHHmmss
- End time of range. yyyyMMddHHmmss format. If you omit time part, it will be padded by zero.
Output Fields
| Field | Type | Name | Description | ||
|---|---|---|---|---|---|
| _time | Date | Time | |||
| profile | String | Connect profile | The identifier of Office 365 connect profile | ||
| workload | String | Workload | e.g. OneDrive, SharePoint | ||
| client_ip | IP address | Client IP | |||
| user_id | String | User ID | |||
| operation | String | Operation | e.g. FileUploaded, FileAccessed, FilePreviewed, FolderCreated, FileSyncUploadedFull | ||
| object_id | String | Object ID | e.g. https://acme-my.sharepoint.com/personal/scott/Documents/path/to/file.png | ||
| item_type | String | Item type | e.g. File, Folder, Field, Web, Site, List | ||
| user_agent | String | User agent | e.g. Microsoft SkyDriveSync 22.089.0426.0003 ship; Windows NT 10.0 (19044) | ||
| event_source | String | Event source | e.g. SharePoint | ||
| source_relative_url | String | Source relative URL | e.g. /Documents/path/to | ||
| source_file_name | String | Source file name | e.g. file.png | ||
| source_file_extension | String | Source file extension | e.g. png, xlsx, pdf, pptx, zip | ||
| version | Integer | Version | e.g. 1 | ||
| id | String | ID | GUID format | ||
| list_id | String | List ID | GUID format | ||
| list_item_id | String | List item ID | GUID format | ||
| org_id | String | Tenant ID | GUID format | ||
| web_id | String | Web ID | GUID format | ||
| site | String | Site | GUID format | ||
| site_url | String | Site URL | e.g. https://acme-my.sharepoint.com/personal/scott | ||
| record_type | Integer | Record type | e.g. 6 (File, Folder), 14 (Group), 56 (List column), 4 (Site), 36 (List) | ||
| user_type | Integer | User type | e.g. 0 | ||
| user_key | String | User key | e.g. i:0h.f | membership | 1000000000000000@live.com |
| correlation_id | String | Correlation ID | GUID format | ||
| app_id | String | App ID | GUID format | ||
| app_display_name | String | App display name | e.g. Microsoft Teams, OneNote |