Phil Hagen
This is ready for testing on the `develop` branch. To test, please do the following. (Tested on a FOR509 VM, but should work with current public version as well.) 1....
thx - will take a look shortly!
@randomaccess3 I'm assuming you're missing a `,` between the `UserId` and `AuditData` fields. Going on that assumption as I track this through the parser
following up here - with the modifications listed below, the above log parsed fine. I think this can be closed but will await confirmation from @randomaccess3. - add comma after...
so strange - that parsed fine on this end. No `jsonparsefailure` in `tags`... ``` { "_index": "office365-2022.08", "_type": "_doc", "_id": "6poWGIMBBXjwRUZMUag5", "_version": 1, "_score": 1, "_source": { "session_guid": "11111111-c615-4956-a572-651411111111", "record_id":...
There definitely is no handler for that format, but we haven't seen it before - as @randomaccess3 said.
maybe use this method to auto-kick the AWS logs that don't have a newline?
make the script capable of deleting based on high-water-mark for storage as well. make sure it's capable of running via a cron job.
may be/will likely be obsoleted by #102
also consider publicsuffix.org