Qazeer/Winlogbeat_Windows_single_EVTX_to_JSON.yml

## Winlogbeat_Windows_single_EVTX_to_JSON.yml
# Description: Winlogbeat configuration to parse a single EVTX file to JSON.
# Authors: Thomas DIOT (_Qazeer)
# Version: 1.0
# Last modified: 2022-12-05

winlogbeat.event_logs:
  - name: ${EVTX_FILE}
    no_more_events: stop

winlogbeat.registry_file: "${OUTPUT_FOLDER}\\winlogbeat_registry_file.yml"

disk:
    read_ahead: 8092

processors:
 - drop_fields:
        fields: ["beat", "metadata", "log", "agent", "ecs", "event", "host"]

logging.level: error

output.file:
  path: "${OUTPUT_FOLDER}"
  number_of_files: 1024
  rotate_every_kb: 500000
  rotate_on_startup: false
	# Description: Winlogbeat configuration to parse a single EVTX file to JSON.
	# Authors: Thomas DIOT (_Qazeer)
	# Version: 1.0
	# Last modified: 2022-12-05

	winlogbeat.event_logs:
	- name: ${EVTX_FILE}
	no_more_events: stop

	winlogbeat.registry_file: "${OUTPUT_FOLDER}\\winlogbeat_registry_file.yml"

	disk:
	read_ahead: 8092

	processors:
	- drop_fields:
	fields: ["beat", "metadata", "log", "agent", "ecs", "event", "host"]

	logging.level: error

	output.file:
	path: "${OUTPUT_FOLDER}"
	number_of_files: 1024
	rotate_every_kb: 500000
	rotate_on_startup: false