wolf1892
commented
1 year ago I have a temporary working solution, hopefully something like this can be worked out? https://github.com/wolf1892/fluent-plugin-windows-eventlog/blob/master/lib/fluent/plugin/in_windows_eventlog2.rb
Parse_description, does not parse sysmon description::key. Cause the delimiter over there is specified by /r/n
Is it possible to have a support for sysmon, to parse_description?