Guzzy
Guzzy
It's a super useful feature. We were planning to use hawk to ingest into our ELK stack, but we have to make some foo to convert to ndjson. It would...
I think option 2 would be preferable for the wider community; however, it probably also requires a bit more work. :-)
> [@Guzzy711](https://github.com/Guzzy711), we would also be interested in hearing any pain points, suggestions, and any feedback in general as you begin ingesting the Hawk data into ELK. Thanks again for...
Maybe you can get inspired by the following to do the conversion: https://www.blackhillsinfosec.com/wrangling-the-m365-ual-part-3-of-3/