Problem with NT AUTHORITY\СИСТЕМА in windows event log
takezi
Hello.
While reading log from windows, I got string with two encodings WIN-1251 and UTF-8:
like 2017-02-21 16:40:24 IT-73.domain.name INFO 44 NT AUTHORITY\҈Ғƌ�Центр обновления Windows начал скачивать обновление.
where all message in utf-8, and part with AccountName that (usually NT AUTHORITY\SYSTEM in english version of Windows 7) but in russian version its NT AUTHORITY\СИСТЕМА and in logs it looks like NT AUTHORITY\҈Ғƌ�
If I use
convert_fields("AUTO", "utf-8")
I got proper AccountName, but all other parts got wrong encoding.
Is where any way to replace that part with correct encoding?
