Hi,
Welcome to the Microsoft Q&A platform!
You can try to do the following:
First, perform the search to retrieve the logs. You may want to limit the search by date range to reduce the data volume.
$startDate = (Get-Date).AddDays(-30)
$endDate = Get-Date
$logs = Search-AdminAuditLog -StartDate $startDate -EndDate $endDate
Once you have the logs, you can filter them based on the OriginatingServer
property.
$originatingServer = "YourServerName"
$filteredLogs = $logs | Where-Object { $_.OriginatingServer -eq $originatingServer }
Finally, you can review the filtered logs or export them for further analysis.
$filteredLogs | Format-Table -AutoSize
# OR
$filteredLogs | Export-Csv -Path "FilteredAuditLogs.csv" -NoTypeInformation
Please feel free to contact me for any updates. And if this helps, don't forget to mark it as an answer.