Share via

security/auditLog query returns incomplete results for sharePointFileOperation

DAVID KOSIK 0 Reputation points
2025-01-21T10:02:06.92+00:00

Trying to replace Search-UnifiedAuditLog cmdlet vie Graph API. In principle it works great but I noticed that when searching sharePointFileOperation audit events, the results are incomplete. No error, the search completes ok, results are downloaded, it appears ok at first sight, but some percentage of events is simply not there. I verified this by actually accessing the files under another account and checking the results several days later.

Can I be doing something wrong or is this due to the endpoint being beta?

Currently it is unusable even for testing.

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,989 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Saranya Madhu-MSFT 1,340 Reputation points Microsoft Vendor
    2025-01-31T10:17:10.2366667+00:00

    Hi DAVID KOSIK,

    Currently, GET /security/auditLog/queries APIs available only in beta. The beta endpoint includes APIs that are currently in preview and aren't yet generally available.

    Microsoft Graph beta endpoint is a preview version of the API that allows you to test and experiment with new features before they're released to the general public. Try these APIs and provide your feedback. We strongly recommend that developers use the v1.0 endpoint when building production apps.

    For details about changes to Microsoft Graph APIs in beta, explore the API changelog.

    Hope this helps.

    If the answer is helpful, please click Accept Answer and kindly upvote. If you have any further questions about this answer, please click Comment.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.