Can it take JSON as input? (question)
splunk-user1 opened this issue · comments
splunk-user1 commented
I have evtx saved as json. Noticed in your blog that you convert evtx to json before searching through them. Is it possible to feed json directly? Thanks
fscc-jamesd commented
Currently chainsaw can only take in event logs in their original evtx format. Down the line I might look at implementing the ability to ingest event logs in JSON format if there's enough demand for it. I'm going to close this issue for now.