invictus-ir/Microsoft-Extractor-Suite

[Feature Request] - Merge UAL output into one file for Get-AllUAL

Closed this issue · 3 comments

Currently the M365 extractor grabs the UAL by time and splits it into multiple CSV files. It would be good to have a flag that combines them with something like this:

```powershell
# Walk the per-time-window UAL chunks, read each one as objects and append
# them to a single CSV (-Append keeps the header of the first file; every chunk
# must carry the same columns or Export-Csv -Append stops with an error).
Get-ChildItem "$($OutputPath)\$($User)\Output\UnifiedAuditLog" -Recurse -Filter *.csv |
    Select-Object -ExpandProperty FullName |
    Import-Csv |
    Export-Csv "$($OutputPath)\$($User)\ParsedUAL" -NoTypeInformation -Append
```

Happy to raise a PR if you like, but I think the CSVs are deliberately split for large tenants with a large volume of logs, hence why I think it might be a good option to have rather than a default.
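For reference, an added example of the merge as a stand-alone function (not code from the issue or from Microsoft-Extractor-Suite). It streams records file by file so a multi-gigabyte collection does not have to sit in memory, and it first computes the union of column names across all chunks because `Export-Csv -Append` refuses rows whose header differs from the file already on disk. The directory layout `<OutputPath>\<User>\Output\UnifiedAuditLog\*.csv` is taken from the issue; the function name and parameters are assumptions for this example.

```powershell
# Added example, not part of Microsoft-Extractor-Suite.
# Merge the per-window UAL CSV chunks into one CSV, one record at a time.
function Merge-UalCsv {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $InputDirectory,   # e.g. ...\Output\UnifiedAuditLog
        [Parameter(Mandatory)] [string] $OutputFile        # e.g. ...\ParsedUAL.csv
    )

    $files = @(Get-ChildItem -LiteralPath $InputDirectory -Recurse -Filter *.csv |
               Sort-Object FullName)                       # deterministic chunk order
    if ($files.Count -eq 0) { throw "No CSV files found under $InputDirectory" }
    if (Test-Path -LiteralPath $OutputFile) { Remove-Item -LiteralPath $OutputFile }

    # Pass 1: union of column names. Export-Csv -Append aborts when a chunk's
    # header differs from the header already written, so every chunk is later
    # projected onto this common column set. Select-Object -First 1 stops
    # reading after the first record, so this pass is cheap.
    $columns = [System.Collections.Generic.List[string]]::new()
    foreach ($f in $files) {
        $first = Import-Csv -LiteralPath $f.FullName | Select-Object -First 1
        if ($null -eq $first) { continue }                 # header-only chunk
        foreach ($name in $first.PSObject.Properties.Name) {
            if (-not $columns.Contains($name)) { $columns.Add($name) }
        }
    }
    if ($columns.Count -eq 0) { throw "All CSV chunks under $InputDirectory are empty" }
    $columnArray = $columns.ToArray()

    # Pass 2: stream each chunk through the pipeline. Select-Object adds any
    # column the chunk lacks with an empty value, so the header stays identical
    # and -Append never fails; nothing is buffered beyond the current record.
    $total = 0
    foreach ($f in $files) {
        $n = 0
        Import-Csv -LiteralPath $f.FullName |
            Select-Object -Property $columnArray |
            ForEach-Object { $n++; $_ } |
            Export-Csv -LiteralPath $OutputFile -NoTypeInformation -Append
        Write-Verbose ("{0}: {1} records" -f $f.Name, $n)
        $total += $n
    }

    # Summary object so the caller can sanity-check the merged record count
    # against the sum of the chunks before analysing the single file.
    [pscustomobject]@{ Files = $files.Count; Records = $total; Output = $OutputFile }
}

# Usage with the paths quoted in the issue:
# Merge-UalCsv -InputDirectory "$OutputPath\$User\Output\UnifiedAuditLog" `
#              -OutputFile "$OutputPath\$User\ParsedUAL.csv" -Verbose
```

The two-pass approach is deliberate: a one-liner that pipes every chunk straight into `Export-Csv -Append` works only while all chunks share exactly the same columns, and it gives no record count to compare against the individual files afterwards.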

Hi there, thanks for the request. We used to acquire one large file, but we have indeed removed that. We believe split files are better, because you can already start analysis and you will have results back quicker. For large environments acquisition might take multiple hours and in the worst case even days.
Feel free to do a PR, but we will only have it as an `-Output` flag, e.g. `Get-UALAll -Output largecsv`.

Thanks so much, I thought this could be the case. Happy to PR it as an optional flag, as it could still be useful for smaller datasets.

Cheers

Fine with us, we'll close this issue and happy to test a PR when you're ready.