Parsing Windows Event LOG XML and sending to Graylog
giveen
I am trying to parse each of these XML fields into a field for Graylog to handle; any ideas would help.
I've added
`Module xm_xml`
and
`Exec parse_windows_eventlog_xml(); to_xml();`
but I'm not sure what else to do. I'm trying to work with this in the 'message' field:
The Federation Service validated a new credential. See XML for details.
Activity ID: 494a36f8-9b89-4477-8676-0080000000e1
Additional Data
XML:
FreshCredentials
Success
None
N/A
https://xxxxxx.xxxxxxx.edu/adfs/services/trust
AD AUTHORITY
UNIVERSITY\xxxxxxxxxxxxxx
N/A
false
N/A
false
N/A
false
false
NotSet
N/A
N/A
https://xxxxx.xxxxxx.edu/adfs/services/trust
WSFederation
Intranet
x.x.94.22
x.x.128.226
N/A
N/A
N/A
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:77.0) Gecko/20100101 Firefox/77.0
/adfs/ls/
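
The split the post asks for, sketched in Python as an added example (not part of the original post and not NXLog code): it cuts the message at `XML:`, parses the embedded document, and flattens each leaf element into a GELF additional field. The element names in the sample are assumptions, because the post shows only the values, and the function names and the host `adfs01` are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: element names are assumed; the post shows only the values.
SAMPLE_MESSAGE = """The Federation Service validated a new credential. See XML for details.

Activity ID: 494a36f8-9b89-4477-8676-0080000000e1

Additional Data
XML: <?xml version="1.0" encoding="utf-16"?>
<AuditBase>
  <AuditType>FreshCredentials</AuditType>
  <AuditResult>Success</AuditResult>
  <ErrorCode>N/A</ErrorCode>
  <ContextComponents>
    <Component><UserId>UNIVERSITY\\xxxxxxxxxxxxxx</UserId></Component>
    <Component><IpAddress>x.x.94.22</IpAddress><IpAddress>x.x.128.226</IpAddress></Component>
  </ContextComponents>
</AuditBase>"""

def adfs_message_to_fields(message):
    """Flatten the XML embedded after 'XML:' into a dict of leaf-element values."""
    fields = {}
    m = re.search(r"Activity ID:\s*([0-9a-fA-F-]{36})", message)
    if m:
        fields["ActivityId"] = m.group(1)
    _, sep, xml_text = message.partition("XML:")
    if not sep:
        return fields  # no embedded XML in this event
    # Drop the declaration: its encoding no longer matches the decoded string.
    xml_text = re.sub(r"^\s*<\?xml[^>]*\?>", "", xml_text).strip()
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return {**fields, "XmlParseError": "true"}  # keep the event, flag it
    for elem in root.iter():
        text = (elem.text or "").strip()
        if len(elem) or not text or text == "N/A":
            continue  # skip containers and placeholder values
        key, n = elem.tag, 2
        while key in fields:  # repeated tag: IpAddress, IpAddress_2, ...
            key, n = f"{elem.tag}_{n}", n + 1
        fields[key] = text
    return fields

def to_gelf(message, host):
    """Build a GELF 1.1 payload; additional fields carry a leading underscore."""
    gelf = {"version": "1.1", "host": host, "short_message": (message.splitlines() or [""])[0]}
    gelf.update({"_" + k: v for k, v in adfs_message_to_fields(message).items()})
    return gelf
```

Values such as the user agent are supplied by the client, so they should be stored as plain strings and not interpreted further downstream.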