I did that and reformatted my nxlog.conf. But messages are truncated for my platform logs, windows events look great.
########################################## ## EXTENSIONS ## ########################################## <Extension _json> Module xm_json </Extension> <Extension gelf> Module xm_gelf </Extension> ########################################## ## INPUTS ## ########################################## <Input eventlog> Module im_msvistalog Query <QueryList>\ <Query Id="0">\ <Select Path="Application">*</Select>\ <Select Path="System">*</Select>\ <Select Path="Security">*</Select>\ </Query>\ </QueryList> Exec $EventReceivedTime = integer($EventReceivedTime) / 1000000; to_json(); </Input> <Input platform> Module im_file File 'c:\\Logs\\*.log' SavePos TRUE ReadFromLast TRUE </Input> ########################################## ## OUTPUTS ## ########################################## <Output out> Module om_udp Host 192.168.1.18 Port 12201 OutputType GELF </Output> <Route 1> Path eventlog, platform => out </Route> -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/412afe70-5eda-429e-a0ce-247b7886b713%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
