umpa385

Results 12 comments of umpa385

Same issue here I've tried a ton of things from modify to grep and even trying to use strings in the message. I just think that the winlog source can't...

I found a fix for the issue, at least for myself. Here is an example: `[Filter] name grep match * Exclude Message /enter regex here/`

Just trying to get around the issue, would it be possible to pull the XML files for the Windows event logs instead, and use that as a workaround?

Will report back on how to get that done as a potential workaround, even though a native solution would be best. Considering using this: https://github.com/omerbenamram/evtx#example-usage-as-library

Hello, wanted to add a current workaround that I tested (it's not a fully supported solution, but works for my use case). Using https://github.com/omerbenamram/evtx as a way to convert...

> @umpa385 do you maintain a fork of Vector to do this

Nope, I have a local repo that I'm using to convert the evtx files to json (kind of...

So, wanted to add more to this. I was able to get this to kind of work in a hacky way that isn't always 100%. You use vector to push...

I took another stab at this. I have a semi-working version if you don't care about PowerShell logs. The idea is to use https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/wevtutil to export the logs and...

Okay, so sadly it takes 2 agents, but it works: use winlogbeat to send logs over to vector. Trying to do something native is much harder right now, but this two...

Here is the config I have in vector. Basically, set up winlogbeat as a logstash output and then vector ingests that. `sinks: win_logs: type: http inputs: - windows_logs encoding: codec: "json"`...