I was going through the available Metron parsers but couldn't figure out one available for parsing Active Directory logs!
I am wondering what approach I should take here. What could be a standard messaging format for AD logs?
Any help/suggestion/guidelines in this regard would be highly appreciated.
Thanks in advance.
@D M Provide an example log format. You can use the Grok parser with a custom Grok statement.
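To make the reply concrete, here is an added example (not code from this thread, from Metron, or from its Grok parser) of what a custom Grok statement for Active Directory security events looks like and how it behaves against sample lines. The log format is constructed: it assumes the domain controller's Security events are forwarded as one syslog-style line per event with `key=value` fields, and only a small subset of the standard Grok base patterns is reproduced here. The `compile_grok` expander stands in for the Grok engine so the pattern can be exercised offline; the `AD_LOGON` label is the hypothetical pattern name you would point Metron's Grok parser at.

```python
import re

# Constructed subset of the standard Grok base patterns; the real library
# (used by Metron's Grok parser) ships many more.
BASE_PATTERNS = {
    "INT": r"[+-]?\d+",
    "WORD": r"\b\w+\b",
    "NOTSPACE": r"\S+",
    "IP": r"(?:\d{1,3}\.){3}\d{1,3}",
    "HOSTNAME": r"\b(?:[0-9A-Za-z][0-9A-Za-z-]{0,62})"
                r"(?:\.(?:[0-9A-Za-z][0-9A-Za-z-]{0,62}))*\.?",
    "TIMESTAMP_ISO8601": r"\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2}"
                         r"(?:\.\d+)?(?:Z|[+-]\d{2}:?\d{2})?",
}

# Custom pattern for logon events (4624 success / 4625 failure). In Metron this
# line would live in the grok pattern file referenced by the parser config, with
# AD_LOGON as the pattern label. The line layout is an assumption of this example.
CUSTOM_PATTERNS = {
    "AD_LOGON": (
        "%{TIMESTAMP_ISO8601:timestamp} %{HOSTNAME:host} Security "
        "EventID=%{INT:event_id} TargetUserName=%{NOTSPACE:user} "
        "TargetDomainName=%{WORD:domain} LogonType=%{INT:logon_type} "
        "IpAddress=%{IP:ip_src_addr}"
    ),
}

PATTERNS = {**BASE_PATTERNS, **CUSTOM_PATTERNS}

# %{NAME} or %{NAME:field}
GROK_REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")


def compile_grok(pattern: str, patterns: dict) -> re.Pattern:
    """Expand Grok references into a Python regex with named capture groups."""
    def sub(m):
        name, field = m.group(1), m.group(2)
        if name not in patterns:
            raise ValueError(f"unknown grok pattern {name}")
        inner = GROK_REF.sub(sub, patterns[name])  # resolve nested references
        return f"(?P<{field}>{inner})" if field else f"(?:{inner})"
    return re.compile(GROK_REF.sub(sub, pattern))


AD_GROK = compile_grok("%{AD_LOGON}", PATTERNS)

# Fields that should become integers rather than strings.
INT_FIELDS = {"event_id", "logon_type"}


def parse_ad_event(line: str, compiled: re.Pattern = AD_GROK):
    """Return a dict of parsed fields, or None when the line does not match."""
    m = compiled.match(line)
    if not m:
        return None
    fields = m.groupdict()
    for name in INT_FIELDS:
        fields[name] = int(fields[name])
    fields["original_string"] = line  # keep the raw line, as Metron messages do
    return fields


def parse_all(lines):
    """Split lines into parsed events and lines the pattern did not cover.

    Tracking the unparsed set matters: a logon failure that silently fails to
    parse never reaches detection rules.
    """
    parsed, unparsed = [], []
    for line in lines:
        event = parse_ad_event(line)
        (parsed if event else unparsed).append(event or line)
    return parsed, unparsed


# Constructed sample input; the third line is a 4672 event whose fields the
# AD_LOGON pattern does not describe, so it is expected to fall through.
SAMPLE_LINES = [
    "2024-01-15T10:22:31Z DC01 Security EventID=4624 TargetUserName=jdoe "
    "TargetDomainName=CORP LogonType=3 IpAddress=10.0.0.5",
    "2024-01-15T10:22:40Z DC01 Security EventID=4625 TargetUserName=admin "
    "TargetDomainName=CORP LogonType=10 IpAddress=10.0.0.77",
    "2024-01-15T10:23:02Z DC01 Security EventID=4672 SubjectUserName=svc_backup",
]

if __name__ == "__main__":
    events, leftovers = parse_all(SAMPLE_LINES)
    for e in events:
        print(e["event_id"], e["user"], e["domain"], e["ip_src_addr"])
    print("unparsed:", leftovers)
```

In a Metron deployment the `AD_LOGON` line goes into the pattern file named by the parser config's `grokPath`, with `patternLabel` set to `AD_LOGON` and `timestampField`/`dateFormat` pointing at the `timestamp` capture; each distinct event shape (4625 with a failure status, 4672 privilege assignment, and so on) needs its own label or a single pattern with optional groups, and anything the pattern does not match should be counted rather than dropped.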