15 lines
366 B
Plaintext
15 lines
366 B
Plaintext
[source::WinEventLog:*]
|
|
TRANSFORMS-host = wef_computername_as_host
|
|
|
|
[sourcetype::powershell_transcript]
|
|
TRANSFORMS-powershell_rename_host = powershell_rename_host
|
|
|
|
[powershell_transcript]
|
|
BREAK_ONLY_BEFORE = THISREGEXDOESNTEXIST
|
|
DATETIME_CONFIG =
|
|
NO_BINARY_CHECK = true
|
|
TIME_FORMAT = %Y%m%d%H%M%S
|
|
TIME_PREFIX = Start\stime\:\s
|
|
category = Custom
|
|
pulldown_type = true
|