Hey everyone! I'm developing a PowerShell script that helps me audit logs to track user activities, particularly when they use special privileges on their computers. I've enabled Group Policy and have a basic script that fetches the security audit records related to these special privileges. However, while the script outputs data into a CSV file, the 'Message' property contains a lot of unnecessary details. I just want to extract specific pieces of information from it, namely the `Account Name` and `Process Name`, and ideally, I'd like to split these into separate columns in the CSV. Can anyone suggest how I could achieve this using PowerShell? Should I be using `Where-Object` or `Select-String`, and how do I handle the variations in text across multiple entries?
1 Answer
You can reference specific columns in your CSV file as properties. For example, you can use `$myCSV.column1` to get all values related to that particular column. After that, you could definitely use the `Where-Object` cmdlet to filter for specific content within the 'Message' field.
So I could try something like:
~~~
Where-Object { $csv.Message -contains '*Name*' }
~~~
Would that give me the output I want?
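Added example, not part of the original thread: one way to pull `Account Name` and `Process Name` out of each `Message` with a per-line regex and write them as separate CSV columns, returning an empty value when an entry lacks a field. The function name `Get-MessageField`, the sample records and the output path are assumptions made for illustration.

```powershell
# Constructed sample rows standing in for the exported audit CSV.
# With a real export you would use: $records = Import-Csv .\audit.csv  (hypothetical path)
$records = @(
    [pscustomobject]@{
        TimeCreated = '2024-01-15 09:12:03'
        Message = "A privileged service was called.`r`n`r`nSubject:`r`n`tAccount Name:`t`talice`r`n`tAccount Domain:`t`tCONTOSO`r`n`r`nProcess:`r`n`tProcess ID:`t0x1a4`r`n`tProcess Name:`tC:\Windows\System32\svchost.exe"
    }
    [pscustomobject]@{
        # Variation: no Process section at all
        TimeCreated = '2024-01-15 09:14:40'
        Message = "Special privileges assigned to new logon.`r`n`r`nSubject:`r`n`tAccount Name:`t`tbob`r`n`tAccount Domain:`t`tCONTOSO"
    }
    [pscustomobject]@{
        # Variation: different whitespace, LF-only line endings
        TimeCreated = '2024-01-15 09:20:11'
        Message = "Subject:`n  Account Name:  carol`nProcess:`n  Process Name:  C:\Tools\backup agent.exe"
    }
)

function Get-MessageField {
    param(
        [string]$Message,   # full Message text of one event
        [string]$Label      # field label without the colon, e.g. 'Account Name'
    )
    # (?m) lets ^ and $ match at each line; capture everything after "Label:" on
    # that line only, trimming tabs/spaces and a trailing carriage return.
    $pattern = '(?m)^[ \t]*' + [regex]::Escape($Label) + ':[ \t]*(.*?)[ \t\r]*$'
    $match = [regex]::Match($Message, $pattern)
    # Only the first occurrence is returned; some events repeat a label
    # (e.g. a subject and a target account).
    if ($match.Success) { $match.Groups[1].Value } else { $null }
}

# Build one object per event with the extracted values as their own properties.
$rows = foreach ($r in $records) {
    [pscustomobject]@{
        TimeCreated = $r.TimeCreated
        AccountName = Get-MessageField -Message $r.Message -Label 'Account Name'
        ProcessName = Get-MessageField -Message $r.Message -Label 'Process Name'
    }
}

$rows | Format-Table -AutoSize
# Each property becomes a CSV column. Output path is hypothetical.
$rows | Export-Csv -Path .\privilege-use.csv -NoTypeInformation
```

`Where-Object` with `-like '*Name*'` only selects which rows to keep; it does not extract values from the text, which is why the regex capture is used here.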