evtx icon indicating copy to clipboard operation
evtx copied to clipboard
verified publisher icon omerbenamram

Any options to exclude the record # and xml version lines?

Open fopson opened this issue 3 years ago • 3 comments

Hi Great tool! Is there an option to exclude the following lines from the output files?

Record ######
<?xml version="1.0" encoding="utf-8"?>

Thanks

fopson avatar Nov 05 '22 17:11 fopson

Same question but for -o json output...

luckman212 avatar Jul 29 '24 23:07 luckman212

#207 looks like it fixes the JSON issue related to the record number

max-weather avatar Sep 25 '24 15:09 max-weather

Haven't tested the PR, but I'm having to replace the "record number" lines with a "," and wrapping everything with [] to get it to parse in jq correctly.

tdeyarmin-mm avatar Mar 20 '25 00:03 tdeyarmin-mm