How to gather all Sharepoint logs with Microsoft Graph API?

Rák Máté 0 Reputation points
2023-02-21T09:27:47.41+00:00

Hi!
So basically I am building a desktop application, which can retrieve every type of actions performed on a sharepoint site, and can be filtered to any of the actions.

I can get these logs in the microsoft compliance center on the Auditlog search page, but none of the company members will get access to the compliance portal, yet some of the members will need to see sometimes the actions of the sharepoint site.

I have an AAD Application (with every possible permission delegated to it), I want the app to communicate and get the logs via an API that Microsoft provides.

I tried these API calls to retrieve the data but there were problems in every method:

GET "https://graph.microsoft.com/v1.0/auditLogs/directoryAudits?%24filter=activityDateTime%20ge%202023-02-01"

--200, No Sharepoint data retrieved

GET "https://graph.microsoft.com/v1.0/auditLogs/directoryAudits?%24filter=category%20eq%20'SharePoint'%20and%20activityDateTime%20ge%202023-02-01"

--200, still no Sharepoint data retrieved

GET "https://graph.microsoft.com/v1.0/sites/site-id/items/105/activities"

--400, "Resource not found for the segment 'activities'."

GET "https://graph.microsoft.com/v1.0/reports/getSharePointActivityPages(period='D180')"

--200, Only the report headers were retrieved - propably because tenant settings/license problems

GET "https://graph.microsoft.com/v1.0/reports/getSharePointSiteUsageDetail(date=2023-02-06)"

--200, Probably the same as above

And a Powershell script, that managed to retrive all SP operations with the Management API, but it can only search back for 24 hours, I need at least 1 month.

Can someone help me out? I don't have a lot of experience working with API-s sadly.

PS Scirpt to retrieve all Sharepoint activities from the last 24 hours

$ClientID = "*******"

$ClientSecret = "********"

$tenantdomain = "********"

$TenantGUID = "**************"

 

$loginURL = "https://login.microsoftonline.com/"

$resource = "https://manage.office.com"

# auth

$body = @{grant_type="client_credentials";resource=$resource;client_id=$ClientID;client_secret=$ClientSecret}

$oauth = Invoke-RestMethod -Method Post -Uri $loginURL/$tenantdomain/oauth2/token?api-version=1.0 -Body $body

$headerParams = @{'Authorization'="$($oauth.token_type) $($oauth.access_token)"}

 

Invoke-WebRequest -Headers $headerParams -Uri "$resource/api/v1.0/$tenantGUID/activity/feed/subscriptions/start?contentType=Audit.SharePoint" -Method Post | Out-Null

#Invoke-WebRequest -Headers $headerParams -Uri "$resource/api/v1.0/$tenantGUID/activity/feed/subscriptions/list"

 

$response = Invoke-WebRequest -Headers $headerParams -Uri "$resource/api/v1.0/$tenantGUID/activity/feed/subscriptions/content?contentType=Audit.SharePoint"

$contents = ConvertFrom-Json $response.Content;

$result = @();

foreach($blobInfo in $contents){

    $eventsResponse = Invoke-WebRequest -Headers $headerParams -Uri $blobInfo.contentUri | ConvertFrom-Json

    $result += $eventsResponse | select CreationTime, Operation, UserId, ObjectId

}

Invoke-WebRequest -Headers $headerParams -Uri "$resource/api/v1.0/$tenantGUID/activity/feed/subscriptions/stop?contentType=Audit.SharePoint" -Method Post | Out-Null

 

$result | Out-File -FilePath "******\result.txt"

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
11,819 questions
SharePoint
SharePoint
A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
10,558 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Gopinath Chennamadhavuni 2,436 Reputation points
    2023-04-07T10:20:50.06+00:00

    Hi @Rák Máté

    Thanks for reaching out.

    As per my knowledge, currently listed MS Graph APIs are available to get the activity of every user licensed to use SharePoint by looking at their interaction with files. SharePOint_APIs

    Reference link: https://learn.microsoft.com/en-us/graph/api/resources/sharepoint-activity-reports?view=graph-rest-1.0

    If you are looking for SharePoint online site usage details, please refer the document: https://learn.microsoft.com/en-us/graph/api/resources/sharepoint-site-usage-reports?view=graph-rest-1.0 SharePOint_Site_Usage_APIs

    Hope this helps.

    If the answer is helpful, please click Accept Answer and kindly upvote. If you have any further questions about this answer, please click Comment.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.