Command line flag to skip printing "#attributes" while taking output as JSON

Question

Command line flag to skip printing "#attributes" while taking output as JSON

Pinpwn opened this issue 2 years ago · comments

Kushagra Choudhary commented 2 years ago

The JSON output contains "#attributes" which alters the true nature of the log and makes querying data a challenge.

The introduction of a simple command line flag that skips printing the "#attributes" text and prints even attributes as simple parent-child will make life easy for anybody who has to load and query the output of this project.

JSON formed by parsing EVTX using rust_evtx:

{
  "Event": {
    "#attributes": {
      "xmlns": "http://schemas.microsoft.com/win/2004/08/events/event"
    }
    .
    .
  }
}

Desired JSON:

{
  "Event": {
    {
      "xmlns": "http://schemas.microsoft.com/win/2004/08/events/event"
    }
    .
    .
  }
}

Thank you for considering my sincere request.