Windows event logs into the ECS format

Hello, I want to ask how to use Python to convert Windows event logs into the ECS format.

Not using the Beats or Logstash method.

If you are not going to use Beats, then you will need to build your parser in your Python script, which is out of the scope of this forum.

You may look at how Elastic parses the logs from the Windows event log and adapt it; for example, this is the ingest pipeline used to parse the Security logs.

Thanks for your reply,

One more question: if I had Elasticsearch collecting Windows event logs not in ECS format,
is there any idea how to transfer the old data to ECS format?
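An added example of the kind of parser the reply above describes (not code from this thread or from Elastic): it takes one Security-channel event record as exported by `wevtutil qe Security /f:xml`, and maps it onto ECS field names following Winlogbeat's conventions. The sample event and the small `EVENT_MAP` lookup are constructed here and cover only logon events 4624/4625; extend the lookup for the event IDs you ingest.

```python
import xml.etree.ElementTree as ET

# Constructed sample: one Security event as exported by `wevtutil qe Security /f:xml`.
SAMPLE_EVENT_XML = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing"/>
    <EventID>4624</EventID>
    <TimeCreated SystemTime="2024-01-15T10:30:00.123456Z"/>
    <EventRecordID>12345</EventRecordID>
    <Channel>Security</Channel>
    <Computer>WORKSTATION01.example.local</Computer>
  </System>
  <EventData>
    <Data Name="TargetUserName">alice</Data>
    <Data Name="TargetDomainName">EXAMPLE</Data>
    <Data Name="LogonType">10</Data>
    <Data Name="IpAddress">10.0.0.5</Data>
  </EventData>
</Event>"""

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Hypothetical minimal lookup: ECS categorization for the two logon events only.
EVENT_MAP = {
    4624: {"category": ["authentication"], "type": ["start"], "outcome": "success"},
    4625: {"category": ["authentication"], "type": ["start"], "outcome": "failure"},
}

def windows_event_to_ecs(xml_text: str) -> dict:
    """Parse one Windows event XML record and return an ECS-style document (dict)."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    event_id = int(system.findtext("e:EventID", namespaces=NS))
    # EventData/Data elements keep their original names under winlog.event_data,
    # as Winlogbeat does; selected ones are also promoted to ECS fields below.
    data = {d.get("Name"): (d.text or "") for d in root.iterfind("e:EventData/e:Data", NS)}
    info = EVENT_MAP.get(event_id, {"category": [], "type": [], "outcome": "unknown"})
    doc = {
        "@timestamp": system.find("e:TimeCreated", NS).get("SystemTime"),
        "event": {"kind": "event", "code": str(event_id), "category": info["category"],
                  "type": info["type"], "outcome": info["outcome"],
                  "provider": system.find("e:Provider", NS).get("Name")},
        "host": {"name": system.findtext("e:Computer", namespaces=NS)},
        "winlog": {"channel": system.findtext("e:Channel", namespaces=NS), "event_id": str(event_id),
                   "record_id": system.findtext("e:EventRecordID", namespaces=NS), "event_data": data},
    }
    if data.get("TargetUserName"):
        doc["user"] = {"name": data["TargetUserName"], "domain": data.get("TargetDomainName")}
    if data.get("IpAddress") not in (None, "", "-"):  # "-" means no network address in these events
        doc["source"] = {"ip": data["IpAddress"]}
    return doc
```

The same function also covers the follow-up question if the old index still holds the raw event XML (or the original fields): read each old document, run it through the mapper, and bulk-index the result into a new ECS-mapped index.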
