In the event viewer the field name that I am looking for in the CSV export is "Account Name:" however, this field does not display in the export but does display if the "Result in PowerShell" script is run.
Result in PowerShell:
Get-EventLog -LogName Security| Select-Object -Property * | Select -first 10
CSV Export Script:
Get-EventLog -LogName Security | Select-Object -Property * | Export-Csv -Path C:\Export.csv
What I would like to achieve is pulling a report of user activity on the file share.
Apply calculated properties:
Several PowerShell cmdlets transform, group, or process input objects into output objects using parameters that allow the addition of new properties to those output objects. You can use these parameters to generate new, calculated properties on output objects based on the values of input objects. The calculated property is defined by a hashtable containing key-value pairs that specify the name of the new property, an expression to calculate the value, and optional formatting information.
In particular, you can use calculated properties to add additional members to the objects output with the Select-Object cmdlet, e.g. as follows:
#Requires -RunAsAdministrator
Get-EventLog -LogName Security |
Select-Object -Property @{
name = 'Account Name'; # or 'AccountName' with no space
expr = {($_.Message -split [System.Environment]::NewLine |
Select-String 'Account Name:' -SimpleMatch |
Select-Object -ExpandProperty Line
).Split( ':').Trim()[-1]
} }, * |
Select-Object -First 2 # optional to reduce output
However, some output fields (e.g. Data or ReplacementStrings) Export-Csv shows as System.Byte[], System.String[], or even System.Object[] etc. See this article :Avoiding System.Object[] (or Similar Output) when using Export-Csv…