I'm currently working through a csv of Sharepoint AuditData and trying to evaluate several fields that are nested in the audit data field. I've tried all the Usual $_.AuditData.CreatedDate etc. but can't figure out how to query the data thats nested in it. It's my first time trying to evaluate against data thats structured like this and any help about how best to go about this would be very much appreciated.
I've tried the where object clause and its not returning the data I would expect
"PSComputerName","RunspaceId","PSShowComputerName","RecordType","CreationDate","UserIds","Operations","AuditData","ResultIndex","ResultCount","Identity","IsValid","ObjectState"
"REDACTED","REDACTED","REDACTED","REDACTED","REDACTED","REDACTED","REDACTED","{""AppAccessContext"":{""AADSessionId"":""REDACTED"",""CorrelationId"":""REDACTED"",""TokenIssuedAtTime"":""REDACTED"",""UniqueTokenId"":""REDACTED""},""CreationTime"":""REDACTED"",""Id"":""REDACTED"",""Operation"":""REDACTED"",""OrganizationId"":""REDACTED"",""RecordType""REDACTED""UserKey"":""REDACTED"",""UserType""REDACTED""Version""REDACTED""Workload"":""REDACTED"",""ClientIP"":""REDACTED"",""ObjectId"":""REDACTED"",""UserId"":""REDACTED"",""CorrelationId"":""REDACTED"",""EventSource"":""REDACTED"",""ItemType"":""REDACTED""",""ListId"":""REDACTED"",""ListItemUniqueId"":""REDACTED"",""Site"":""REDACTED"",""UserAgent"":""REDACTED"",""WebId"":"REDACTED"",""MachineId"":""REDACTED"",""FileSyncBytesCommitted"":""REDACTED"",""HighPriorityMediaProcessing""REDACTED""ImplicitShare"":""REDACTED"",""IsManagedDevice""REDACTED""SourceFileExtension"":""REDACTED"",""SiteUrl"":""REDACTED"",""SourceFileName"":""REDACTED"",""SourceRelativeUrl"":""REDACTED""}","REDACTED","REDACTED","REDACTED","REDACTED","REDACTED"
