Nxlog parse failure on Windows to Logstash

posted Jun 18, 2014, 5:47 AM by Allen Gattis   [ updated Jun 18, 2014, 5:59 AM ]
We found that nxlog made for the best Windows log shipper, but it didn't seem to parse the events in the event log. Output to Logstash seemed not to be in JSON format, and we confirmed this by writing directly to disk. This happens even though the event log input module explicitly emits the log attributes atomically.

Turns out you have to explicitly tell the output module to use JSON. This isn't well documented, so here's an example.
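An added nxlog configuration illustrating the fix described above (not the original post's own file). The instance names, the host `logstash.example.internal` and port `5140` are assumptions; the fix itself is loading `xm_json` and calling `to_json()` in the output block.

```apacheconf
# Load the JSON extension; without it to_json() is not available.
<Extension json>
    Module      xm_json
</Extension>

# Windows event log input (Vista / Server 2008 and later).
# It populates individual fields such as $EventID and $Message.
<Input eventlog>
    Module      im_msvistalog
</Input>

# Output modules write $raw_event, not the parsed fields.
# to_json() serializes all fields into $raw_event as one JSON object per event.
<Output logstash>
    Module      om_tcp
    # Assumed receiver address and port; replace with your own.
    Host        logstash.example.internal
    Port        5140
    Exec        to_json();
</Output>

# Debug output to disk, to confirm each line written is valid JSON.
# The file path is an assumed example.
<Output debugfile>
    Module      om_file
    File        "C:\\nxlog_debug.json"
    Exec        to_json();
</Output>

<Route eventlog_to_logstash>
    Path        eventlog => logstash, debugfile
</Route>
```

On the receiving side, the Logstash TCP input needs a JSON codec (for example `json_lines`) so the event attributes arrive as separate fields rather than as one opaque message string.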