Windows event fields parsing

I think this is a duplicate of SIEM Parsing? I've replied to it there; let's keep the discussion in the other thread.