All,

I was doing some reading during my spare time and the record-related feature set is truly exciting.

However, I was wondering: how should one extend the existing range of readers? I use, for example, ParseCEF and ParseEvtx. CEF, while not particularly simple to parse and validate using RegExes (and Grok), is a reasonably structured format (with the same field supporting 9 different date formats...). ParseCEF currently exposes the parsed and validated CEF payload either to attributes or as JSON to the content file.

And hence my question: is this the desired path of action: ParseCEF -> JSON content -> ConvertRecord (using JsonPathReader) -> whatever? Or would an extension make more sense?

Cheers
