Can it take JSON as input? (question)

splunk-user1 opened this issue

I have evtx saved as JSON. Noticed in your blog that you convert evtx to JSON before searching through them. Is it possible to feed JSON directly? Thanks


Currently chainsaw can only take in event logs in their original evtx format. Down the line I might look at implementing the ability to ingest event logs in JSON format if there's enough demand for it. I'm going to close this issue for now.

