johneiser
commented
3 years ago Ah, I see this was fixed and I was the third person to comment. Sorry! Great work.
Closed johneiser closed 3 years ago
johneiser
commented
3 years ago Ah, I see this was fixed and I was the third person to comment. Sorry! Great work.
I have filebeat picking up the logs from
C:\\ProgramData\edrsvc\log\output_events\*.logand sending them to elasticsearch. However, I cannot parse the logs, as they are multiline json with no newline between (}{).If we could make each log take up one line, or at least put a newline between json objects, that should make it possible for filebeat->elasticsearch to parse them.